On 8/5/05, Paul Taylor <[EMAIL PROTECTED]> wrote:
> Bill,
>
> Well, yes, I realize that base64encoding doesn't provide much in the
> way of security... But it's better than the data being completely in the
> clear... I have some encryption/decryption code around here somewhere that
> could probably be used, but of course the key would have to be in the code,
> where it could be seen, so even that doesn't provide great security...

And I disagree. base64encoding provides zero security. Obscuring the data is no excuse for real protection. If we can protect it the right way (a one-way hash), we will. Anything less than a one-way hash means it's reversible; passwords shouldn't be reversible in any way, shape or form - I'd rather have glaring plaintext passwords reminding me to do something about them than something that at first glance passes muster. I'll personally back out any commit that does a half-ass job at it (not that I expect anyone to make such a commit). Don't hand out your config.xml and you'll be fine.

--Bill
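
The contrast argued in this thread, as an added example that is not part of the original messages or the project's code: a base64 value is recovered with no secret at all, while a salted one-way hash can only be checked against a candidate. PBKDF2-HMAC-SHA256, the record layout, the iteration count and all function names are assumptions chosen for the illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def obscure(password: str) -> str:
    """Base64 'protection': an encoding with no key involved."""
    return base64.b64encode(password.encode("utf-8")).decode("ascii")


def recover(obscured: str) -> str:
    """Anyone who can read the config file can do this; no secret is needed."""
    return base64.b64decode(obscured).decode("utf-8")


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Return a storable one-way record: scheme$iterations$salt$digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def verify_password(candidate: str, record: str) -> bool:
    """Recompute the digest from the candidate and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # a malformed or truncated record never authenticates
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    secret = "s3cret-example"  # constructed sample value
    print("base64 in config:", obscure(secret), "-> recovered:", recover(obscure(secret)))
    record = hash_password(secret)
    print("hash in config:  ", record)
    print("correct password verifies:", verify_password(secret, record))
    print("wrong password verifies:  ", verify_password("guess", record))
```

A one-way record like this fits only where the application verifies a password presented to it; the stored value cannot be turned back into the password.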
