Hi Alex,

>> yes, it's all about prevention;-) Storing plain text passwords is no
>> prevention.
>
> But encrypting them creates only an illusion of safety.

I didn't suggest encrypting them but using hash+salt!

> We should not waste our time on irrelevant issues. Whether passwords
> are encrypted locally or not is just a matter of cosmetics.

I strongly disagree with this statement. And again, I didn't suggest
encrypting passwords! What are we discussing here?

> What really counts are two issues:
>
> 1. The _whole_ database must be safe from any external access
> 2. We must _trust_ the administrator(s) of the machine

1) The whole discussion is about acknowledging that some data are more
confidential than others. You obviously don't think so.

2) is usually enforced by legal means and/or by reputation. There is no
technical solution to this.

> It is ridiculous if we talk about allowing changing passwords and/or
> sending them via unencrypted mails, and at the same time make so much
> fuss about hiding them within the machine.

Again, I am strongly against sending passwords via e-mail. If you don't
store the passwords in the first place, there is obviously no way to send
them.

> Instead, all effort should go into protecting the system itself.

There are many ways and different situations where the system should be
protected. From the point someone gets hold of your database, your system
is completely unprotected. And confidential databases leak all the time.
The thing I suggested would give protection to passwords even if somebody
got hold of the database.

Cheers,

Tomas
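The scheme Tomas argues for above, salted password hashing so that a leaked database yields no passwords, as an added example that is not part of the mailing-list thread or of PicoLisp itself. It goes one step beyond a plain salt+hash by using an iterated hash (PBKDF2-HMAC-SHA256 from the Python standard library) so that offline guessing against a leaked table is slow; the record format, iteration count and salt length are this example's own choices, and the user table is constructed inline.

```python
import hashlib
import hmac
import os
from typing import Optional

# Parameters chosen for this example (assumptions, not from the thread).
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000   # deliberately slow; raise as hardware gets faster
SALT_BYTES = 16        # 128-bit random salt per password


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex.

    Storing the salt and iteration count next to the hash lets the
    verifier recompute it later and lets the cost be raised per user
    without a flag day. A fresh random salt per password means two
    users with the same password get different records, so a leaked
    table cannot be attacked with one precomputed (rainbow) table.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt/iterations and compare.

    hmac.compare_digest avoids leaking how many leading bytes matched
    through timing. Malformed or foreign records are rejected rather
    than raising, so a corrupted row cannot crash the login path.
    """
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        rounds = int(iterations)
    except ValueError:
        return False
    if algorithm != ALGORITHM or rounds < 1:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, rounds)
    return hmac.compare_digest(digest.hex(), digest_hex)


def leaked_table_contains_password(table: dict, password: str) -> bool:
    """What an attacker holding the stolen table can read directly.

    With plain-text storage this would be True; with hashed storage the
    password string never appears in the table.
    """
    return any(password in record for record in table.values())


if __name__ == "__main__":
    # Constructed user table: two users who happen to share a password.
    users = {
        "alice": hash_password("correct horse battery staple"),
        "bob": hash_password("correct horse battery staple"),
    }
    assert users["alice"] != users["bob"]            # different salts
    assert verify_password("correct horse battery staple", users["alice"])
    assert not verify_password("wrong guess", users["alice"])
    # Someone "got hold of the database": the passwords are not in it.
    assert not leaked_table_contains_password(
        users, "correct horse battery staple")
    print("ok")
```

Note that this protects only the stored credential; it does nothing for passwords sent over unencrypted e-mail, which is a separate channel problem the thread also touches on.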