Subj : src/sbbs3/useredit.cpp
To   : echicken
From : MRO
Date : Mon Feb 27 2023 10:59 am

  Re: src/sbbs3/useredit.cpp
  By: echicken to deon on Mon Feb 27 2023 02:44 pm

 > that can be compared to what we have on file. It's not possible to do this
 > across the board if we don't have the plain password to start from.
 >
 > So we either resort to the lowest common denominator, or we store the
 > encrypted password in many permutations per user, or we require different
 > passwords for different services.

so you think other comparable softwares do the same thing? I wasn't aware of that.  having passwords in multiple files in plain text seems insecure.

also how about just encrypting the system password? i'd be happy with that atleast.  sure it needs to be decrypted somehow.  does that just make it not worth doing?  with the wrong script running, someone can get full access. i've done it several times to demonstrate.
---
 þ Synchronet þ ::: BBSES.info - free BBS services :::

.