Rafal Krzewski <[EMAIL PROTECTED]> writes:
> Daniel Rall wrote:
>
> > I disagree with having secure passwords disabled as the default
> > behavior. The system should come with tight security that the
> > administrator can loosen at will.
>
> Come on Daniel, the system comes with the root's password set to
> 'turbine'. This is *NOT* tight security be the password in the DB
> encrypted or not.

True. It would be better if that could be set during the installation
process. Regardless of whether we ship with poor default passwords, I
still think that turning off password encryption is a bad idea. I
don't know of a free *NIX that comes without password shadowing any
more, and don't personally ship products that deviate from that
excellent pattern.

> Turning off password encryption does not compromise application security,
> unless you consider your database to be insecure (in which situation the
> whole system can be described as badly screwed up). What turning password
> encryption off decreases is only users' privacy because then the
> administrator cannot read what funny things they have put into their
> passwords... :-)

Heh.
--
Daniel Rall <[EMAIL PROTECTED]>