Only specific users (such as the user that
the server runs as) should have read access to these files. And of
course, the administrator is implicitly trusted.
Should have :D
I do trust most server admins, but nothing can guarantee me that they administer their servers properly. If a Jabber server gets compromised, a _lot_ of users will lose their passwords, and a _lot_ of users are using the same password for close to everything. Yes, that's really stupid of them, but that's not the point. IMO it is very undesirable that passwords are stored in plaintext. IMO we should get rid of that ASAP :D I know we'll have to live with plaintext passwords for quite some time to come, but IMO it would be a Good Thing(tm) if clients/servers would default to storing hashed passwords.


Bart


_______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
