Subj : src/sbbs3/useredit.cpp
To   : Digital Man
From : MRO
Date : Sun Feb 26 2023 09:18 pm

  Re: src/sbbs3/useredit.cpp
  By: Digital Man to MRO on Sun Feb 26 2023 05:11 pm

 > Synchronet supports many methods of secure authentication (e.g. CRAM-MD5)
 > which means we do practically need the original user password in plan text
 > in memory as some point during the authentiation process(es). So we'd have
 > to have a way to decrypt an encrypted password (i.e. stored in user.tab
 > file). Which means you'd have to have a private key stored somewhere. Is
 > that private key store secure? If it's just a file in the sbbs directory
 > tree, its no more secure than the user.tab file. You see where this is
 > going?
 >
 > What's the point of encrypting the passwords in the user.tab file if all a
 > prying-eye needs is another file from the same directory tree to use as the
 > key to decrypt them?

i dunno, just seems weird that the passwords are in plain text in a few places.
if you think it's okay then i guess it is.

people just have to look at the old and new scripts they use so they can't type a file on the system.
---
 þ Synchronet þ ::: BBSES.info - free BBS services :::

.