> The reason why IRC servers "IRCD.config" files don't use encryption (see > file attachment for example) is because 49 times out of 50 they do not come > with a GUI program. Administrators main method of changing the > configuration is to manually edit the file using a notepad utility.
It has nothing to do with having a GUI or not. You obviously have no concept of Unix permissions, so using a unix analogy should be avoided in the future. The config file that you speak of would be set to only be readable and/or writable the user running the daemon. Even the existance of that password in the config file woud lend it self a bad design as every application in (linux at least) can have hooks to PAM and use the same encrypted password. If the password *was* in the config file, to read this file, you would need that users priviledges, or priviledges greater than that user. If you have either, crypting the password would be a bit pointless (not to say that people don't do it). I'm not even going to touch the "notepad utility" comment. > Overuse in the use of encrypted passwords can be counter productive to > functionality. > There are good reasons to keep passwords clear text passwords to better > interface with other software. > For example Merak Mail server software > (http://www.icewarp.com/Products/Merak_Email_Server_Software/) > When using this mail server, it can store the accounts on an SQL Server. > The passwords are stored clear text. This enables other software to > interface with its data to create and sync its accounts/passwords with other > systems. No, No, No. Bad design, stupid design. I've never heard of your or "Merak Mail" software, but thanks for pointing them out. I can avoid both steaming piles of crap. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
