Accounts.xml stores passwords in plain text.

Daniel Atallah daniel.atallah at
Tue Dec 18 13:38:47 EST 2007

On Dec 18, 2007 1:32 PM, Ka-Hing Cheung <khc at> wrote:

> On Tue, 2007-12-18 at 01:38 -0500, Mark Doliner wrote:
> > That's certainly possible.  It's not really something users should have
> to
> > deal with, though.  I'd rather just try md5 and if that fails then fall
> back
> > to XOR.
> I don't think silently drop to a known to be insecure authentication
> mechanism is a good idea.

I tend to agree with this.

In this case, it is really no worse than the current behavior, but if we are
changing something, we might as well do it right.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Devel mailing list