
email plugin: safe password storage
Reported by Martin Häger | August 29th, 2008 @ 12:09 PM
Passwords are at the moment stored in plain text. It would be better to store a SHA1 hash of the password, or something similar.
Comments and changes to this ticket
Martin Häger August 30th, 2008 @ 11:20 AM
- State changed from new to open
Martin Häger August 30th, 2008 @ 01:15 PM
- State changed from open to hold
Using hashed passwords isn't feasible, since the plugin needs to know the password in order to connect to the mail server.
Possible options
- Don't store password at all, force password entry when plugin is restarted (preferred)
- Use a two-way encryption method
Alternatively, use a combination of the two (i.e. store encrypted passwords in memory, decrypt them when needed)
Needs further investigation (ticket on hold).
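
Added example, not part of the ticket or the plugin's own code: the preferred option above (keep the password out of storage and ask again after a restart), illustrated in Python. The class name `MailAccount`, its methods, and the JSON config layout are hypothetical.

```python
import getpass
import json


class MailAccount:
    """Account settings for a mail plugin; the password lives in memory only."""

    PERSISTED = ("host", "port", "username")  # password deliberately absent

    def __init__(self, host, port, username, prompt=getpass.getpass):
        self.host, self.port, self.username = host, port, username
        self._prompt = prompt    # injectable so the prompt can be replaced
        self._password = None    # never written out by dump()

    def dump(self):
        """Serialize only the non-secret settings for the config file."""
        return json.dumps({k: getattr(self, k) for k in self.PERSISTED})

    @classmethod
    def load(cls, text, prompt=getpass.getpass):
        """Rebuild the account after a restart; the password is unknown again."""
        data = json.loads(text)
        unknown = set(data) - set(cls.PERSISTED)
        if unknown:  # refuse a config that tries to carry a stored secret
            raise ValueError(f"unexpected config keys: {sorted(unknown)}")
        return cls(data["host"], data["port"], data["username"], prompt)

    def password(self):
        """Return the plaintext the mail server needs, asking once per run."""
        if self._password is None:
            self._password = self._prompt(
                f"Password for {self.username}@{self.host}: ")
        return self._password

    def forget(self):
        """Drop the cached password, e.g. after a failed login or on unload."""
        self._password = None

    def __repr__(self):  # keep the secret out of logs and tracebacks
        return f"MailAccount({self.username}@{self.host}:{self.port})"
```

The plaintext is still present in process memory while cached; this design only removes it from disk, from the serialized config, and from `repr()` output.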