email password in clear text
ispcomm
Post: #4
RE: email password in clear text
I would cast my vote in favor of clear text passwords.

There's a very good reason to have clear text passwords on the server: This is because most challenge/response ways for authentication (cram-md5 etc) need to have the clear-text password to compute the hashes which are exchanged on the network (in clear).

Having an encrypted password to start with will limit the authentication mechanisms to plain old "plain-text" which means that the password is sent in clear on an (almost surely) unprotected channel (pop3/imap/smtp).

It's much better to have the password hashes on the network and clear passwords on the server than vice versa.

Also... if someone can peek in your databases and flat files on the server you're already in trouble beyond the simple clear passwords.

ispcomm.
05-02-2008 12:40 AM
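
The trade-off described in the post above, as an added example that is not part of the original thread: CRAM-MD5 (RFC 2195) verification on a server that stores the clear-text password, next to a server that stores only a one-way hash and can therefore only check a password sent with PLAIN. The function names, the PBKDF2 storage scheme and the salt are assumptions made for illustration; the user, password and challenge are the sample values from the RFC 2195 example.

```python
import base64
import hashlib
import hmac

def cram_md5_response(user: str, password: str, challenge: bytes) -> bytes:
    """Client side: HMAC-MD5 keyed with the password over the server challenge."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def verify_cram_md5(stored_secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the HMAC from whatever secret the server stores."""
    _user, _, digest = base64.b64decode(response).decode().rpartition(" ")
    expected = hmac.new(stored_secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def one_way_hash(password: str, salt: bytes) -> bytes:
    """Assumed storage scheme for the 'encrypted password' case (PBKDF2-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_plain(stored_hash: bytes, salt: bytes, password_on_wire: str) -> bool:
    """With only a one-way hash, the server needs the password itself on the wire."""
    return hmac.compare_digest(stored_hash, one_way_hash(password_on_wire, salt))

# Sample values from the RFC 2195 example.
USER, PASSWORD = "tim", "tanstaaftanstaaf"
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
SALT = b"constructed-salt"  # constructed for this example

def demo() -> dict:
    response = cram_md5_response(USER, PASSWORD, CHALLENGE)
    stored_hash = one_way_hash(PASSWORD, SALT)
    return {
        # Clear-text password on the server: challenge/response verifies.
        "cram_with_cleartext_store": verify_cram_md5(PASSWORD.encode(), CHALLENGE, response),
        # Only a one-way hash on the server: the expected HMAC cannot be recomputed.
        "cram_with_hashed_store": verify_cram_md5(stored_hash, CHALLENGE, response),
        # The hashed store still works, but only if the password itself is sent.
        "plain_with_hashed_store": verify_plain(stored_hash, SALT, PASSWORD),
        "response_on_wire": base64.b64decode(response).decode(),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
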