[rt-users] Security risk! Passwords can be compromised!
Dominic Hargreaves
dominic.hargreaves at oucs.ox.ac.uk
Wed Feb 4 04:39:08 EST 2009
On Wed, Feb 04, 2009 at 08:06:34AM +0000, Matthew Seaman wrote:
> One idea I've seen and quite like is what OpenLDAP does. Passwords and
> other security tokens are Base64 encoded in all output[*]. Sure it's a
> trivial encoding that anyone could decode in moments, but it prevents
> people trivially reading passwords over your shoulder when they are
> displayed on your screen.
Are you sure what you're actually looking at isn't a password *hash*?
That's what you'd normally expect to find in the userPassword
attribute, and isn't the same thing at all.
--
Dominic Hargreaves, Systems Development and Support Team
Computing Services, University of Oxford
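
Added example, not part of the original message and not code from RT or OpenLDAP: a short Python check for the distinction raised above. In LDIF a `::` separator marks a Base64-encoded value, and a decoded value that begins with a scheme prefix such as `{SSHA}` is a salted hash rather than the password itself. The function names and all sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Schemes whose stored value is a digest, not the password itself (core OpenLDAP set).
HASH_SCHEMES = {"SSHA", "SHA", "SMD5", "MD5", "CRYPT"}

def make_ssha(password: bytes, salt: bytes) -> str:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(stored: str, candidate: bytes) -> bool:
    """Verify a candidate against a {SSHA} value; the password is never recovered."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the salt follows
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)

def to_ldif(value: str) -> str:
    """Render a value the way LDIF marks Base64 content: 'attr:: <base64>'."""
    return "userPassword:: " + base64.b64encode(value.encode()).decode("ascii")

def classify(ldif_line: str):
    """Return (kind, scheme) for one userPassword LDIF line."""
    m = re.match(r"userPassword(::?)\s*(.*)$", ldif_line.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("not a userPassword line")
    sep, raw = m.groups()
    # '::' means the value is Base64-encoded (RFC 2849); ':' means it is literal.
    value = base64.b64decode(raw).decode("utf-8", "replace") if sep == "::" else raw
    prefix = re.match(r"\{([A-Za-z0-9_-]+)\}", value)
    scheme = prefix.group(1).upper() if prefix else None
    return ("hash" if scheme in HASH_SCHEMES else "cleartext", scheme)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    for line in (to_ldif(make_ssha(b"example-password", b"\x01\x02\x03\x04")),
                 to_ldif("example-password"),
                 "userPassword: {CLEARTEXT}example-password"):
        print(classify(line), line)
```

Both Base64 lines look equally opaque on screen; only the decoded scheme prefix shows whether the directory holds a hash or the password.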