Francois Orsini (JIRA) wrote: > [ > http://issues.apache.org/jira/browse/DERBY-866?page=comments#action_12364050 > ] > > Francois Orsini commented on DERBY-866: > --------------------------------------- > > >>Daniel John Debrunner commented on DERBY-866: >>--------------------------------------------- >> >>What's the purpose of returning the password column in the table/vti SYSUSERS? >> > > Password won't be clearly readable, only the base64 representation of a > already hashed password > - no risk really
I think it's a huge risk. You are giving crackers information to start an attack. Every encryption scheme is breakable, it's just a matter of time/cpu usage. Dan.
