On Wed, Feb 04, 2009 at 08:06:34AM +0000, Matthew Seaman wrote:

> One idea I've seen and quite like is what OpenLDAP does.  Passwords and
> other security tokens are Base64 encoded in all output[*].  Sure it's a
> trivial encoding that anyone could decode in moments, but it prevents
> people trivially reading passwords over your shoulder when they are
> displayed on your screen.

Are you sure what you're actually looking at isn't a password *hash*?
That's what you'd normally expect to find in the userPassword
attribute, and isn't the same thing at all.

-- 
Dominic Hargreaves, Systems Development and Support Team
Computing Services, University of Oxford
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
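The distinction raised in this reply can be checked mechanically. The following is an added example, not part of the original message or of OpenLDAP: it decodes a base64 (`::`) userPassword line from LDIF output and reports whether the decoded value is a `{SCHEME}`-prefixed hash or the password itself. The sample entries, the password `example-pw`, the salt and all function names are constructed for illustration; the scheme list is an assumption covering the common OpenLDAP schemes.

```python
import base64
import hashlib
import hmac
import re

SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)
HASH_SCHEMES = {"SSHA", "SHA", "SMD5", "MD5", "CRYPT"}  # assumed list of hash schemes

def ldif_value(line):
    """Return (attr, raw bytes) for an LDIF 'attr: value' or 'attr:: base64' line."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):            # '::' marks a base64-encoded value
        return attr, base64.b64decode(rest[1:].strip())
    return attr, rest.strip().encode()

def classify(raw):
    """Say what a decoded userPassword value holds."""
    m = SCHEME_RE.match(raw)
    if not m:
        return "cleartext"              # no {SCHEME} prefix: the password itself
    scheme = m.group(1).decode().upper()
    if scheme in HASH_SCHEMES:
        return "hash:" + scheme
    return "cleartext" if scheme == "CLEARTEXT" else "other:" + scheme

def make_ssha(password, salt):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

def check_ssha(raw, candidate):
    """Verify a candidate password against a {SSHA} value."""
    blob = base64.b64decode(SCHEME_RE.match(raw).group(2))
    digest, salt = blob[:20], blob[20:]  # SHA-1 digest is 20 bytes, the rest is salt
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)

# Constructed sample lines: both look like opaque base64 on screen.
SAMPLE = [
    "userPassword:: " + base64.b64encode(make_ssha(b"example-pw", b"salt")).decode(),
    "userPassword:: " + base64.b64encode(b"example-pw").decode(),
]

def report(lines=SAMPLE):
    """Classify each sample line after undoing the LDIF base64 layer."""
    return [classify(ldif_value(line)[1]) for line in lines]

if __name__ == "__main__":
    print(report())
```

Only the second sample line is a password hidden by nothing more than base64; the first still requires guessing the password after decoding.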
