> Maybe I'm missing something obvious, but what is the harm in > encrypting/hashing/obfuscating them? It seems bad form to have plain text > passwords stored anywhere when there is some sort of alternative (even if > it's not a particuarly good one). The only con I can possibly think of is > that it might give the admin a false sense of security - but I can't see > that as a major issue, and probably one that can be addressed in the > documentation.
Of course two way reversable encryption is certainly an option instead of just storing the bare plain text password, but the original message author was advocating the use of non reversable hashes, which is not really an option with current authentication schemes and as I mentioned if you are forcing that on admins as the only way to store passwords it scuppers the possiblity of integrating the jabber server into a greater user database. Richard _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
