>Isn't it just easier to use an external database such as MS Access? If you don't mind crawlingly slow speed, sure.
There's no one answer here, folks. Neither "passwords should not be accessible by anyone" nor "passwords must be stored in plain text" are universal truths. In some environments, usually corporate, admins need the quickest possible access for testing and installation purposes. In other environments, users (more likely clients in a hosting environment) are promised that employees do not have access to user passwords, at least as far as direct database access goes. It is equally fallacious to say (a) that encrypting passwords on the back end will prevent malicious admins from accessing data, since once you have control of the IMail server, you can do anything you want, and (b) that heavier password encoding will have *no* effect on the overall security of a system, since it will definitely deter a lot of snooping. No one should place 0% or 100% faith in such a measure. For the record, we have built custom DLLs for IMail that implement non-reversible encryption on the back end, but we make sure that our clients realize that this is certainly not something that *alone* would stand up to a security audit. In addition, it does create a non-negligible performance hit under load. -Sandy -- ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. mailto:[EMAIL PROTECTED] ------------------------------------ -- --- [This E-mail scanned by Declude Anti-Virus] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
