[rt-users] question about password encryption
Jesse
jesse at fsck.com
Wed Aug 23 14:37:02 EDT 2000
The problem is that all the patches I've seen would break existing
installs. which we can't do for 1.0.x (But _will_ happen for 2.0, though there will be an upgrade tool.)
-jesse
On Wed, Aug 23, 2000 at 02:11:12PM -0400, Richard West wrote:
> It's an easy fix that I have sent in a couple of times a long while back (early
> last year, and late the year before), but it never got implemented for some
> reason...
>
> -Rich
>
> Jesse wrote:
>
> > Known deficiency in rt 1.0. That binary file is only readable by root.
> > and the passwords are sent in cleartext over http. it's all quite suboptimal.
> > rt2 will be better about this.
> >
> > On Wed, Aug 23, 2000 at 07:02:16PM +0200, Othmar Pasteka wrote:
> > > hi,
> > >
> > > maybe i missed an important note in the installation/mysql docs
> > > but the passwords of the users are stored plain text in my
> > > database (yeah, yeah, it's a binary file but try less ;)).
> > > pls enlighten me :).
> > >
> > > thanks
> > > Othmar
>
>
--
jesse reed vincent --- root at eruditorum.org --- jesse at fsck.com
pgp keyprint: 50 41 9C 03 D0 BC BC C8 2C B9 77 26 6F E1 EB 91
-------------------------------------------------------------
As I sit here alone looking at green text on a laptop in a mostly bare room listening
to loud music wearing all black, I realize that that it is much less cool in real life :)
--Richard Tibbets
More information about the rt-users
mailing list