-
-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Password for pop account are plain text in the database #102
Comments
It would be nice to be able to do that. The POP server requires an unhashed password (being an older standard). If Craig
|
Eventum needs plain text to authenticate to POP3/IMAP (it needs to send password over the wire), as it acts like mail client like your mail agent. You should be using TLS to enhance security. |
I think you wan't understand me glensc. Yes of course you can use TLS. Eventum as you when are talking with the mail server need plain text but not the database and the database administrator needs this kinds of information as plain text saved . Eventum can get the hash, decript and use the plain text with TLS if you want. Ok perhaps not to be worth but i don't like this kind of information in files, properties, databases as plain text saved. |
you're speaking of symmetric encryption, not one way hashing then! passwords are hashed in database, which is one way only! https://en.wikipedia.org/wiki/Cryptographic_hash_function |
Yes symetric encryption, I Know is not a very secure way but it's better than plain text. |
no, passwords are hashed |
Nice job |
#134 is now merged |
btw, do you actually use this feature now? |
Like user passwords i consider the email passwords must to be hashed in the database.
Consider this like an enhacement.
The text was updated successfully, but these errors were encountered: