Re: src/sbbs3/useredit.cpp
By: Digital Man to MRO on Sun Feb 26 2023 05:11 pm
> Synchronet supports many methods of secure authentication (e.g. CRAM-MD5)
> which means we do practically need the original user password in plan text
> in memory as some point during the authentiation process(es). So we'd have
> to have a way to decrypt an encrypted password (i.e. stored in user.tab
> file). Which means you'd have to have a private key stored somewhere. Is
> that private key store secure? If it's just a file in the sbbs directory
> tree, its no more secure than the user.tab file. You see where this is
> going?
>
> What's the point of encrypting the passwords in the user.tab file if all a
> prying-eye needs is another file from the same directory tree to use as the
> key to decrypt them?
i dunno, just seems weird that the passwords are in plain text in a few places.
if you think it's okay then i guess it is.
people just have to look at the old and new scripts they use so they can't type a file on the system.
---
þ Synchronet þ ::: BBSES.info - free BBS services :::
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
|