On Fri, Sep 17, 2010 at 6:04 PM, Ken Schaefer <[email protected]> wrote:
[...] > > Agreed, I mean I don't want to start a whole thread here or > > miscelaneous security advice, but I do hope people realise that > > the correct pattern is to generate an access token (that only allows > > password reset), send that, allow only one login using it, and force > > the user to come up with a new password. You should never send > > the existing password (indeed, you should never even have it, it > > should be hashed and salted). > > Unfortunately commercial reality means that there are many types of systems > where the > original password needs to be kept. ON your average Windows server, logging > on a > service using a service account requires Windows to keep the password > somewhere. > There are many systems that need to interact with other systems, and require > the original > password to do so. A hash isn't always sufficient. Can't argue with that. But the original comment still stands, the default approach should be to hash and salt, unless someone says "Hey, we need that ...", then you question them rigorously until it's shown to be true :) > Cheers > Ken -- silky http://dnoondt.wordpress.com/ "Every morning when I wake up, I experience an exquisite joy — the joy of being this signature."
