Full Disclosure mailing list archives

Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords


From: Shawn McMahon <smcmahon () eiv com>
Date: Wed, 4 Jun 2003 12:42:07 -0400

On Tue, Jun 03, 2003 at 09:35:28PM +0300, ????? ????? said:

There are a lot of reasons to store the passwords encrypted... And not
that many reasons to store them unencrypted - in fact, there is only one
good reason that I can think of, and it's the need to retrieve lost
passwords, but the best way to do that is to keep a hardened database
of the unencrypted passwords, and use it for this sole purpose.

IMHO, a better way to do that is to provide a way for privileged users
to change the password, instead of maintaining it anywhere in cleartext.


-- 
Shawn McMahon     | Let every nation know, whether it wishes us well or ill,
EIV Consulting    | that we shall pay any price, bear any burden, meet any
UNIX and Linux    | hardship, support any friend, oppose any foe, to assure
http://www.eiv.com| the survival and the success of liberty. - JFK
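
The approach suggested in the reply above, sketched as an added example that is not part of the original message or of IRCXpro: only a salted, slow hash is stored, and a lost password is handled by a privileged reset rather than by retrieval. The in-memory `ACCOUNTS` store, the function names and the PBKDF2 parameters are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# Constructed in-memory store for the sketch: user -> (salt, hash, is_admin).
# No cleartext password is ever kept, so there is nothing to "retrieve".
ACCOUNTS = {}

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def derive(password, salt):
    """Derive the stored verifier from a password and its per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def set_password(user, password, is_admin=False):
    """Store a fresh random salt and the derived hash, never the password."""
    salt = os.urandom(16)
    ACCOUNTS[user] = (salt, derive(password, salt), is_admin)


def verify(user, password):
    """Recompute the hash and compare in constant time."""
    record = ACCOUNTS.get(user)
    if record is None:
        return False
    salt, stored, _ = record
    return hmac.compare_digest(stored, derive(password, salt))


def admin_reset(actor, actor_password, target, new_password):
    """Lost-password path: a privileged user re-authenticates and
    overwrites the target's hash; the old password is not recoverable."""
    record = ACCOUNTS.get(actor)
    if record is None or not record[2] or not verify(actor, actor_password):
        raise PermissionError("reset requires an authenticated privileged user")
    if target not in ACCOUNTS:
        raise KeyError(target)
    # Keep the target's existing privilege flag; only the credential changes.
    set_password(target, new_password, ACCOUNTS[target][2])
```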
