Re: About the security of OM

2010-01-25 Thread The Anh

@Mr Smoeker: Thanks so much for your useful advice. I got it.

On 1/25/2010 9:26 PM, smoeker wrote:
> hola,
>
> the passwords within database are encrypted with MD5 algo by default -
> since it's an open source project the encryption algo can be
> exchanged ;-)
>
> -> the fact, that one can read the MD5 hash from database, is caused
> by the security settings of the database itself (-> you can minimize
> that risk by restricting access to your database from IP Ranges, for
> example)
> -> I think, there is a higher risk getting "hacked" by network sniffing
> (trying to get user account data via Wireshark, etc...)
>
> Principally there are methods to decrypt an MD5 hash (by brute-forcing,
> e.g.), but if someone has access to the encrypted password, something
> else has gone wrong already, I think...
>
> see ya
>
> Smoeker
>
> On 25 Jan., 08:41, The Anh wrote:
> > Hi there,
> > As you know, the database of OM (including user data, conference
> > data ...) can be seen by surfing the address: http://localhost/phpmyadmin.
> > In this page, I can see the passwords of the users (they were
> > encrypted) but I wonder, with this code (encrypted password), if
> > someone can find out the real password or use it to log in to OM with
> > the user account?
> > Could anyone explain this to me?
> > Thanks a lot,
> > Best Regards,

--
Pham Duc The Anh
Student
Computer Engineering - Course 52
School Of Information & Communication Technology
HaNoi University of Technology
Mobile: 01684580062
E-mail: phamductheanh2...@yahoo.com or anh...@gmail.com

--
You received this message because you are subscribed to the Google Groups 
"OpenMeetings User" group.
To post to this group, send email to openmeetings-u...@googlegroups.com.
To unsubscribe from this group, send email to 
openmeetings-user+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/openmeetings-user?hl=en.



Re: About the security of OM

2010-01-25 Thread smoeker
hola,

the passwords within database are encrypted with MD5 algo by default -
since it's an open source project the encryption algo can be
exchanged ;-)

-> the fact, that one can read the MD5 hash from database, is caused
by the security settings of the database itself (-> you can minimize
that risk by restricting access to your database from IP Ranges, for
example)
-> I think, there is a higher risk getting "hacked" by network sniffing
(trying to get user account data via Wireshark, etc...)

Principally there are methods to decrypt an MD5 hash (by brute-forcing,
e.g.), but if someone has access to the encrypted password, something
else has gone wrong already, I think...

see ya

Smoeker


On 25 Jan., 08:41, The Anh wrote:
> Hi there,
> As you know, the database of OM (including user data, conference
> data ...) can be seen by surfing the address: http://localhost/phpmyadmin.
> In this page, I can see the passwords of the users (they were
> encrypted) but I wonder, with this code (encrypted password), if
> someone can find out the real password or use it to log in to OM with
> the user account?
> Could anyone explain this to me?
> Thanks a lot,
> Best Regards,

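
The thread notes that the default MD5 scheme can be exchanged. The following is an added example, not part of either post and not OpenMeetings code: it contrasts an unsalted MD5 value with a salted PBKDF2 record and upgrades a legacy row at the next successful login. The function names, record format and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

LEGACY_MD5 = re.compile(r"[0-9a-f]{32}")  # bare MD5 hex digest, as in the thread
ITERATIONS = 600_000                       # assumed work factor; tune for your hardware

def legacy_md5(password: str) -> str:
    """Unsalted MD5: equal passwords always produce equal stored values."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Build a record 'pbkdf2_sha256$<iterations>$<salt hex>$<key hex>'."""
    salt = os.urandom(16)  # per-user random salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"

def verify(password: str, stored: str):
    """Return (ok, replacement).

    replacement is a fresh PBKDF2 record when a legacy MD5 value verified
    and the row should be overwritten; otherwise it is None.
    """
    if LEGACY_MD5.fullmatch(stored):
        ok = hmac.compare_digest(legacy_md5(password), stored)
        return ok, (hash_password(password) if ok else None)
    try:
        scheme, iters, salt_hex, key_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False, None
        key = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                  bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(key, bytes.fromhex(key_hex)), None
    except (ValueError, OverflowError):  # malformed or tampered record
        return False, None

if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    print(legacy_md5("password") == legacy_md5("password"))        # unsalted rows match
    print(hash_password("password") == hash_password("password"))  # salted rows differ
    ok, upgraded = verify("password", legacy_md5("password"))
    print(ok, upgraded.split("$")[0])
```

Storing the scheme and iteration count inside each record lets the work factor be raised later without invalidating existing rows.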