Roberto Berto wrote: > On Jan 14, 2008 3:00 PM, GrayHat <[EMAIL PROTECTED]> wrote: > >>> webAdminEncryptedPassword >> it's a nonsense; imVHo it would just suffice to use MD5 to generate >> an hash of the admin password and store the hash inside the config >> file in place of the plain text pwd; at any rate, if someone will be >> able to read your cfg file, then I suspect you'll have bigger problems >> than >> the plain text password one <g> >> > > I disagree strongly you. > > My idea is use MD5 at webAdminEncryptedPassword and MD5 is better than > actual plan text.
It makes no difference if the password is plaintext or an MD5 hash once you have access to the file. What is to stop someone from simply deleting the existing MD5 hash and replacing it with their own? Kevin ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
