+---------- On Nov 4, russm said:
| that's ridiculous - if you can't secure your server enough to protect
| the user passwords then you can't secure it enough to protect the
| content protected by those passwords, and you're already up the
| proverbial creek without a paddle.
Suppose an intruder breaches security to the point where he can see but not modify data on your server. If a password is stored in a recoverable way (e.g. plaintext) on the server, then the intruder gains the privileges granted by that password, which may include the ability to modify data. Typically, a breach allowing modification is worse than a breach allowing only inspection. Therefore, it's better to store a password in a way that allows verification of the password, without allowing recovery of the passwords. Two ideas that come to mind are storing a one-way hash of the password (as the Unix passwd file does) and storing the password on some other device (smartcard or other computer) that supports a limited protocol.

--
AOLserver - http://www.aolserver.com/

To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]>
with the body of "SIGNOFF AOLSERVER" in the email message. You can leave
the Subject: field of your email blank.
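The first of the two ideas above, a one-way hash that can be verified but not reversed, looks like this in practice. The code below is an added illustration, not something posted in the thread and not AOLserver code; it uses Python's standard library (PBKDF2-HMAC-SHA256 with a random per-user salt, an assumed iteration count, and a constant-time comparison) and a constructed in-memory user table. A read-only intruder who copies the stored records gets salts and digests, not passwords, so the records alone do not grant the privileges the passwords would.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, Optional

# Example parameters (assumptions for this illustration, not values from the thread).
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000   # work factor; raise as hardware gets faster
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest.

    The record is what gets stored on the server. Nothing in it allows the
    password to be recovered; it only allows a candidate password to be checked.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # unique per user, defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt/iterations and compare in constant time."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = record.split("$")
        if algorithm != ALGORITHM:
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        salt, int(iterations))
    except (ValueError, TypeError):
        return False                           # malformed record never verifies
    # compare_digest avoids leaking how many leading bytes matched via timing
    return hmac.compare_digest(candidate, expected)


# A dummy record used for unknown usernames, so a login attempt costs the same
# time whether or not the account exists (avoids username enumeration by timing).
_DUMMY_RECORD = hash_password("not-a-real-password")


def login(users: Dict[str, str], username: str, password: str) -> bool:
    """Check a username/password pair against a table of stored hash records."""
    record = users.get(username)
    if record is None:
        verify_password(password, _DUMMY_RECORD)  # burn the same work, then deny
        return False
    return verify_password(password, record)


def record_reveals_password(record: str, password: str) -> bool:
    """True if the stored record contains the password itself (it should not)."""
    return password in record


if __name__ == "__main__":
    # Constructed sample user table: only hash records are stored server-side.
    users = {
        "alice": hash_password("correct horse battery staple"),
        "bob": hash_password("hunter2"),
    }
    print("alice, right password:", login(users, "alice", "correct horse battery staple"))
    print("alice, wrong password:", login(users, "alice", "hunter2"))
    print("unknown user:         ", login(users, "mallory", "anything"))
    print("record leaks password:", record_reveals_password(users["bob"], "hunter2"))
    print("stored record for bob:", users["bob"])
```

The record format carries its own algorithm and iteration count, so the work factor can be raised later and old records re-hashed at the user's next successful login without a flag day. The dummy-record path in `login` is the detail most often skipped: without it, a failed lookup returns instantly and the response time tells an observer which usernames exist.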
