[ejabberd] Change field names in mysql?
bacam at z273.org.uk
Sun Sep 10 01:14:06 MSD 2006
On Sat, Sep 09, 2006 at 09:21:18PM +0400, Sergei Golovan wrote:
> On 9/9/06, Lars Strojny <lars at strojny.net> wrote:
> >supported in MySQL 5.0 and really worth giving it a try. But one thing
> >on Ejabberd annoys me since a long time: why aren't the passwords
> >internally hashed? That's so weird, I don't understand why there is a
> >software in 2006 where passwords are stored in cleartext. Any chance to
> >change this behaviour?
> If ejabberd stored hashed passwords it would be impossible to use
> secure authentication over unencrypted user connection. Passwords
You mean with SASL DIGEST authentication? The RFC for it discusses
exactly what you should do to store hashed passwords (actually, a hash
of user name, realm and password, which is more effective). This gives
you the best of both worlds: you never explicitly give the password when
authenticating, and the server doesn't store it explicitly either.
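The storage scheme this reply describes, sketched as an added example that is not part of the original post and is not ejabberd's code: the server keeps only H(user:realm:password) and still verifies a DIGEST-MD5 response (RFC 2831, qop=auth, no authzid). The function names, the account, the realm and the nonces are constructed for illustration.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def stored_secret(user: str, realm: str, password: str) -> bytes:
    """What the server keeps instead of the password: H(user:realm:password)."""
    return md5(f"{user}:{realm}:{password}".encode("utf-8"))

def digest_response(secret: bytes, nonce: str, cnonce: str, nc: str,
                    qop: str, digest_uri: str) -> str:
    """RFC 2831 response value, computed from the stored hash alone."""
    # A1 = H(user:realm:password) ":" nonce ":" cnonce  (raw 16 bytes, then text)
    ha1 = md5(secret + f":{nonce}:{cnonce}".encode("utf-8")).hex()
    # A2 = "AUTHENTICATE:" digest-uri
    ha2 = md5(f"AUTHENTICATE:{digest_uri}".encode("utf-8")).hex()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return md5(kd.encode("utf-8")).hex()

def server_verify(db: dict, user: str, nonce: str, cnonce: str, nc: str,
                  qop: str, digest_uri: str, response: str) -> bool:
    """Check a client's response using only the stored hash for that user."""
    secret = db.get(user)
    if secret is None:
        return False
    expected = digest_response(secret, nonce, cnonce, nc, qop, digest_uri)
    return hmac.compare_digest(expected, response)

def demo() -> tuple:
    # Constructed account table: no cleartext password is stored in it.
    # Note: the stored hash is still password-equivalent for DIGEST-MD5 in
    # this realm, so the table needs the same protection as before.
    db = {"alice": stored_secret("alice", "example.org", "correct horse")}
    nonce, cnonce, nc, qop = "srv-nonce-1", "cli-nonce-1", "00000001", "auth"
    uri = "xmpp/example.org"
    # The client derives the same value from the password it was given.
    good = digest_response(stored_secret("alice", "example.org", "correct horse"),
                           nonce, cnonce, nc, qop, uri)
    bad = digest_response(stored_secret("alice", "example.org", "wrong guess"),
                          nonce, cnonce, nc, qop, uri)
    return (server_verify(db, "alice", nonce, cnonce, nc, qop, uri, good),
            server_verify(db, "alice", nonce, cnonce, nc, qop, uri, bad))

if __name__ == "__main__":
    print(demo())
```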