Accounts.xml stores passwords in plain text.

Ka-Hing Cheung khc at
Tue Dec 18 13:32:30 EST 2007

On Tue, 2007-12-18 at 01:38 -0500, Mark Doliner wrote:
> That's certainly possible.  It's not really something users should have to
> deal with, though.  I'd rather just try md5 and if that fails then fall back
> to XOR.

I don't think silently drop to a known to be insecure authentication
mechanism is a good idea.


More information about the Devel mailing list