> Does anyone else see it as a concern that the Jabber server (1.4.2 > release) and popular transports (aim-t, jit, msn-t, and yahoo-t) save > user account information (user name and password) in plaintext for > anyone with read access on the Jabber server to see?
Transports are an interesting issue - in order to work the way they do, they need to have your password. Either that, or you need to register with them each time. The Jabber server itself is a different story. As far as I'm concerned, its entirely reasonable for the server to store its passwords in plaintext, where appropriate. Only specific users (such as the user that the server runs as) should have read access to these files. And of course, the administrator is implicitly trusted. Rob. -- Robert Norris GPG: 1024D/FC18E6C2 Email+Jabber: [EMAIL PROTECTED] Web: http://cataclysm.cx/
pgp00000.pgp
Description: PGP signature
