On Wed, Oct 27, 2010 at 11:29:46PM +0200, Tomas Hlavaty wrote:
> > Well - in a commercial application, not in the Wiki - if he gets hold
> > of the data, then we don't need to worry about the passwords any more
> > :-D
> yes, it's all about prevention;-) Storing plain text passwords is no

But encrypting them creates only an illusion of safety.
We should not waste our time on irrelevant issues. Whether passwords are
encrypted locally or not is just a matter of cosmetics. What really
counts are two issues:
1. The _whole_ database must be safe from any external access
2. We must _trust_ the administrator(s) of the machine
It is ridiculous if we talk about allowing changing passwords and/or
sending them via unencrypted mails, and at the same time make so much
fuss about hiding them within the machine. Instead, all effort should go
into protecting the system itself.