Accounts.xml stores passwords in plain text.
daniel.atallah at gmail.com
Tue Dec 18 13:38:47 EST 2007
On Dec 18, 2007 1:32 PM, Ka-Hing Cheung <khc at hxbc.us> wrote:
> On Tue, 2007-12-18 at 01:38 -0500, Mark Doliner wrote:
> > That's certainly possible. It's not really something users should have
> > deal with, though. I'd rather just try md5 and if that fails then fall
> > to XOR.
> I don't think silently drop to a known to be insecure authentication
> mechanism is a good idea.
I tend to agree with this.
In this case, it is really no worse than the current behavior, but if we are
changing something, we might as well do it right.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Devel