Complete.Org: Mailing Lists: Archives: freeciv-dev: January 2005:
[Freeciv-Dev] (PR#11971) Use encrypted passwords where possible 		Home

[Freeciv-Dev] (PR#11971) Use encrypted passwords where possible

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
Subject: [Freeciv-Dev] (PR#11971) Use encrypted passwords where possible
From: "Ed Overton" <edoverton@xxxxxxxxxx>
Date: Tue, 18 Jan 2005 15:23:57 -0800
Reply-to: bugs@xxxxxxxxxxx 
<URL: http://bugs.freeciv.org/Ticket/Display.html?id=11971 >

> [kauf - Tue Jan 18 23:00:46 2005]:

> for the simpleton "database" in CVS, there is no point in saving
> passwords encrypted. After all, that database is simply a flat
> file in freeciv registry format.

Sorry, but I don't understand.  Why doesn't it make sense to encrypt
those passwords?  If I launch a server and point folks to it, their
passwords are stored in plain text where I can read them.  Many people
(mistakenly) use the same password everywhere, so it's possible that I
could end up with online bank account passwords on my local disk in
plain text.

I realize this is a little bit of paranoia, but since the code is
straightforward, why not encrypt the password for storage in the flat
file?  (Yes, I know that with a hacked server I could glean those
passwords anyway.)

As to the public key encryption issue, I'm not up to tackle that one,
either.

Thanks,
Ed
[Prev in Thread] Current Thread [Next in Thread]