Changes to ticket e523287834
By drh on 2009-09-12 15:53:03.
- Appended to comment:
drh added on 2009-09-12 15:53:03:
There are two options:
1. User passwords can be stored cleartext in the local database but sent over the wire (during sync) as a hash.
2. User passwords are stored as a hash in the local database but are sent in the clear over the wire during a sync.

We believe that (1) is the better choice since it requires an attacker to be able to see the local database in order to find passwords, and if the attacker can see the local database, then he has already compromised the machine. But with (2), the attacker need only passively monitor network communications in order to steal passwords.
- Change resolution to "Works_As_Designed"
- Change status to "Closed"