glob2-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [glob2-devel] (insecure) where it is insecure

From: Kieran P
Subject: Re: [glob2-devel] (insecure) where it is insecure
Date: Mon, 27 Oct 2008 17:37:01 +1300
I agree with Giszmo. These passwords should not be plain text. They should be stored in encrypted format in the text file, and transfered as that md5 string, rather than taking plain text, encrypting it, and sending.

And when you need the password to fill in the YOG login screen, perhaps instead implement a new "Login using last signed in account or relogin" type of thing.

Regards
Kieran


On Sun, Oct 19, 2008 at 6:14 AM, Leo Wandersleb <address@hidden> wrote:
jon Neal wrote:
> The second one doesn't really have a solution, does it? That's just a
> security problem on the users side, so that would deal with them having
> a virus, nothing much can be done there.
>
> (not completely sure, because I haven't done tons of research in this area.)
>

if the stored password is not protected by a password itself (password-manager) this can only be called insecure.


--
Wer mir seinen Brief im verschlossenen Kuvert schicken möchte, kann das mit diesem Schlüssel tun:
http://wiki.leowandersleb.de/index.php/Public_Key


_______________________________________________
glob2-devel mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/glob2-devel

reply via email to
[Prev in Thread] Current Thread [Next in Thread]