On Thu, 14 Oct 2010 12:34:29 +0200 ssc <s...@gmx.biz> wrote: > What's the problem with storing the download password in clear text? I > can't see any security reason for this. This is just the download and > every admin should be able to re-read the password.
My initial idea was that if one user creates a ticket which is password-protected, no password is ever shown or stored, and an administrator won't be automatically able to download it. You can remove it, maybe rename it, but that's it. It seemed logical to hash it right away (and maybe encrypt the file itself - though I didn't have time to do that). The password was originally added into the 'send via e-mail' button as an afterthought ;) > Also now there's a problem, if you create a grant and set the password. > The password won't be sent to your email (notification email) and if > you'll download it a few days later, you have to guess about the > password, which you had set. Note that you usually store your passwords away when signing-up for some service however. If I send the password in all notifications, all the password does is prevent a brute-force attack on ticket IDs. Which is nice, I guess, but not impressive. I'm mostly ok with sending the password in notifications though. But should an administrator have access to all files then?
