On Tue, Jan 17, 2012 at 12:22:35AM +0000, Ed W wrote:
> Note I personally believe there are valid reasons to store
> plaintext passwords - this seems to cause huge criticism due to
> the ensuing disaster which can happen if the database is pinched,
> but it does allow for enhanced security in the password exchange,
> so ultimately it depends on where your biggest risk lies...

Exactly. In any security decision, consider the threat model first.
There are too many kneejerk "secure" ideas in circulation.

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: