Hi Tomas,

> On the other hand, as far as I remember, the "standard" picolisp way of
> storing passwords in plain text and even sending them to the user
> editing dialog is even worse.

No, this is not the case! The passwords do not go to the GUI, and never
leave the server.


Yes, they are stored in plain text in the DB. This is not a security
problem, because if an aggressor manages to read the DB directly, he has
control anyway.

It would be a matter of changing just two lines to store them in a
hashed form. I decided not to do that for this application. You see the
advantage in the current case: After Javier forgot his password (and
started this thread) I sent him his old password in an encrypted mail.

Cheers,
- Alex