> > Only specific users (such as the user that
> > the server runs as) should have read access to these files. And of
> > course, the administrator is implicitly trusted.
> Should have :D
> I do trust most server admins but nothing can guarantee me that they
> administer their servers properly. If a Jabber server gets compromised a
> _lot_ of users will lose their passwords and a _lot_ of users are using
> the same password for close to everything. Yes, that's really stupid of
> them but that's not the point. IMO it is very undesirable that passwords
> are stored in plaintext, IMO we should get rid of that ASAP :D I know
> we'll have to live with plaintext passwords for quite some time to come
> but IMO it would be a Good Thing(tm) if clients/servers would default to
> storing hashed passwords.

This is entirely an implementation/admin/setup issue, some systems will require plaintext passwords to be stored/accessible in order for them to operate, e.g. where Jabber is being integrated into an existing userbase where multiple systems use a central core user database.

As Robert says it is all up to the server admin what they want to do on their server and how they store passwords on it, if you don't like their policy then don't use their server, it's as simple as that.

Personally I don't think we should be forcing particular ideas of how an admin should have their server set up on people, and certainly not forcing those ideas as the only option available to them, all we should be doing is providing suggestions and recommendations.

Richard

_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
