> > There is little point to having a reversibly encrypted password. Such
> > things are easily broken.
> Well that depends on the cipher used and your definition of 'easy' I
> guess.
Not really. There is a reason why *nix systems have used one-way encryption
since the early days. Otherwise, if I can get your encrypted password, and
I can see the algorithm, I can decrypt the encryption, and see the
clear-text. If the program has access to the decryption key, then either I
do, too, or you've already solved the original problem: access to the key.
Therefore ...
> > Just make config.xml readable only by the account running
> > the James server.
> Works fine technically. The trouble is that copies of files containing
> secure information do proliferate - as backups, in test environments,
> in support requests, etc.
You're assuming that the encrypted password would be visible, but the
decryption key would not. Seems to me that all you've done is push the
stack a level.
--- Noel
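Added example, not part of the original message and not James code: a sketch of the one-way approach mentioned above, where the file holds only a salted PBKDF2 verifier, so a copy of it (backup, test environment, support request) contains no key that recovers the password. The entry format `pbkdf2_sha256$iterations$salt$hash`, the function names and the iteration count are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this sketch


def make_entry(password: str, iterations: int = ITERATIONS) -> str:
    """Build the one-way verifier string that would be stored in the file."""
    salt = os.urandom(16)  # fresh salt per entry, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify(password: str, entry: str) -> bool:
    """Check a login attempt against a stored entry; bad entries fail closed."""
    try:
        scheme, iters, salt_b64, digest_b64 = entry.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iters)
        )
    except (ValueError, TypeError, OverflowError):
        # Wrong field count, invalid base64, non-numeric or non-positive count.
        return False
    # Constant-time comparison of the recomputed and stored digests.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    stored = make_entry("correct horse")  # constructed sample password
    print(stored)
    print(verify("correct horse", stored), verify("wrong guess", stored))
```

This only fits passwords the program checks on login; a credential the program must present to another service has to be recoverable, which is the case the replies above are arguing about.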