Steve Brewin wrote:
Not in the current codebase. While it would be possible add the means to
store the password in an encrytped form within config.xml, this wouldn't
really achieve too much. As we are an open source project, the algorithm
used would be an open 'secret', enabling simple decryption.

If you put a hash of the password, you would not be able to decrypt it. Granted someone could run brute force against it if he/she got the hashed password, but it's at least a step better than nothing.


Not to suggest this change is in any way planned, but just wanted to point out that it could be more secure.

--
Serge Knystautas
Lokitech >> software . strategy . design >> http://www.lokitech.com
p. 301.656.5501
e. [EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Reply via email to