Daniel Rall wrote:
> I disagree with having secure passwords disabled as the default
> behavior. The system should come with tight security that the
> administrator can loosen at will.
Come on Daniel, the system comes with the root's password set to
'turbine'. This is *NOT* tight security be the password in the DB
encrypted or not.
Turing off password ecryption does not compromise application security,
unless you consider your database to be insecure (in wich situation the
whole system can be described as badly screwed up). What turning
password
encryption off decreases is only users' privacy because then the
administrator
cannot read what funny things they have put into their passwords... :-)
Rafal
--
Rafal Krzewski
Senior Internet Developer
mailto:[EMAIL PROTECTED]
+48 22 8534830 http://e-point.pl
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
