Full Disclosure mailing list archives
Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords
From: "Michael Osten" <mosten () bleepyou com>
Date: Tue, 3 Jun 2003 11:28:32 -0500
The reason why IRC servers "IRCD.config" files don't use encryption (see file attachment for example) is because 49 times out of 50 they do not
come
with a GUI program. Administrators main method of changing the configuration is to manually edit the file using a notepad utility.
It has nothing to do with having a GUI or not. You obviously have no concept of Unix permissions, so using a unix analogy should be avoided in the future. The config file that you speak of would be set to only be readable and/or writable the user running the daemon. Even the existance of that password in the config file woud lend it self a bad design as every application in (linux at least) can have hooks to PAM and use the same encrypted password. If the password *was* in the config file, to read this file, you would need that users priviledges, or priviledges greater than that user. If you have either, crypting the password would be a bit pointless (not to say that people don't do it). I'm not even going to touch the "notepad utility" comment.
Overuse in the use of encrypted passwords can be counter productive to functionality. There are good reasons to keep passwords clear text passwords to better interface with other software. For example Merak Mail server software (http://www.icewarp.com/Products/Merak_Email_Server_Software/) When using this mail server, it can store the accounts on an SQL Server. The passwords are stored clear text. This enables other software to interface with its data to create and sync its accounts/passwords with
other
systems.
No, No, No. Bad design, stupid design. I've never heard of your or "Merak Mail" software, but thanks for pointing them out. I can avoid both steaming piles of crap. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- IRCXpro 1.0 - Clear local and default remote admin passwords morning_wood (Jun 03)
- Re: IRCXpro 1.0 - Clear local and default remote admin passwords IRCXpro Support (Jun 03)
- Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords Darren Reed (Jun 03)
- Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords IRCXpro Support (Jun 03)
- Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords Darren Reed (Jun 03)
- Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords Michael Osten (Jun 03)
- Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords Darren Reed (Jun 04)
- Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords morning_wood (Jun 03)
- Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords Васил Колев (Jun 03)
- Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords Shawn McMahon (Jun 04)
- Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords Darren Reed (Jun 03)
- Re: IRCXpro 1.0 - Clear local and default remote admin passwords IRCXpro Support (Jun 03)
- Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords Darren Reed (Jun 04)
- <Possible follow-ups>
- RE: Re: IRCXpro 1.0 - Clear local and default remote admin passwords Cushing, David (Jun 04)
- Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords morning_wood (Jun 04)
- Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords Pablo Sol (Jun 04)