[Amdatu-developers] [JIRA] (AMDATUAUTH-41) Store passwords encrypted

Marcel Offermans (JIRA) Mon, 04 Jun 2012 02:07:28 -0700

What exactly is the problem? The description just states that passwords are stored in plain text. But where? And how can a security breach actually be resolved when an unauthorized person as access to the location where those passwords are stored?

If the password is on the filesystem, then obviously the issue is a lot bigger than just the password.
If the password is in some database, then why even bother with the password as you can already access all the data.

Whilst I don't oppose at all to storing some hash of the password, instead of the real thing, I don't think this solves the real issue. Also, in general, all "credentials" related to a User in UserAdmin should potentially be encrypted.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira

_______________________________________________
Amdatu-developers mailing list
[email protected]
http://lists.amdatu.org/mailman/listinfo/amdatu-developers

[Amdatu-developers] [JIRA] (AMDATUAUTH-41) Store passwords encrypted

Reply via email to