Password for pop account are plain text in the database

[plindry]

Like user passwords i consider the email passwords must to be hashed in the database.
Consider this like an enhacement.

[cpinfold]

It would be nice to be able to do that.

The POP server requires an unhashed password (being an older standard). If
you are using Google as an example, you can setup an application specific
password for Eventum though.

Craig
On Nov 12, 2015 5:15 PM, "plindry" notifications@github.com wrote:

Like user passwords i consider the email passwords must to be hashed.
Consider this like an enhacement.

—
Reply to this email directly or view it on GitHub
#102.

[glensc]

Eventum needs plain text to authenticate to POP3/IMAP (it needs to send password over the wire), as it acts like mail client like your mail agent. You should be using TLS to enhance security.

[plindry]

I think you wan't understand me glensc. Yes of course you can use TLS.

Eventum as you when are talking with the mail server need plain text but not the database and the database administrator needs this kinds of information as plain text saved . Eventum can get the hash, decript and use the plain text with TLS if you want.

Ok perhaps not to be worth but i don't like this kind of information in files, properties, databases as plain text saved.

[glensc]

you're speaking of symmetric encryption, not one way hashing then! passwords are hashed in database, which is one way only! https://en.wikipedia.org/wiki/Cryptographic_hash_function

[plindry]

Yes symetric encryption, I Know is not a very secure way but it's better than plain text.
I supposed that the passwords are saved with symetric encription. In my mind i translated hashed passwords as the result of a symetric encryption in two ways. (my fault)

[glensc]

no, passwords are hashed

https://github.com/eventum/eventum/releases/tag/v3.0.4
#77

[plindry]

Nice job

[glensc]

#134 is now merged

[glensc]

btw, do you actually use this feature now?