Artifact dec4007b46616a1d4bafc2f7486f5ce0c8e001a5

Ticket change [dec4007b46] - Closed ticket e523287834: user passwords are stored in plain text plus 2 other changes by drh on 2009-09-12 15:53:03.

D 2009-09-12T15:53:03
J +comment \n\n<hr><i>drh\sadded\son\s2009-09-12\s15:53:03:</i><br>\nThere\sare\stwo\soptions:\r\n\r\n\s\s1.\s\sUser\spasswords\scan\sbe\sstored\scleartext\sin\sthe\slocal\sdatabase\sbut\r\n\s\s\s\s\s\ssent\sover\sthe\swire\s(during\ssync)\sas\sa\shash.\r\n\r\n\s\s2.\s\sUser\spasswords\sare\sstored\shas\sa\shash\sin\sthe\slocal\sdatabase\sbut\sare\r\n\s\s\s\s\s\ssent\sin\sthe\sclear\sover\sthe\swire\sduring\sa\ssync.\r\n\r\nWe\sbelieve\sthat\s(1)\sis\sthe\sbetter\schoice\ssince\sit\srequires\san\sattacker\sto\r\nbe\sable\sto\ssee\sthe\slocal\sdatabase\sin\sorder\sto\sfind\spasswords,\sand\sif\sthe\r\nattacker\scan\ssee\sthe\slocal\sdatabase,\sthen\she\shas\salready\scompromised\sthe\r\nmachine.\s\sBut\swith\s(2),\sthe\sattack\sneed\sonly\spassively\smonitor\snetwork\r\ncommunications\sin\sorder\sto\ssteal\spasswords.
J resolution Works_As_Designed
J status Closed
K e5232878345cb71d17cc1631b12dd5903b3d272f
U drh
Z 1202ecbf856da3c479ece38ad16dbf51