cyrus-sasl mysql auth problem

Patrick Ben Koetter p at state-of-mind.de
Sat Feb 10 04:24:44 EST 2007


* Roberto C. Sanchez <roberto at connexer.com>:
> On Fri, Feb 09, 2007 at 03:59:49PM -0500, Jeremiah Towe wrote:
> > 
> > mysql> select * from accountuser;
> > | username         | password      | prefix       | domain_name      |
> > | maxyourstats0001 | newtest       | maxyourstats | maxyourstats.com |
> > 
> This might be OT, but why on Earth would you store the password in
> *plaintext* in the database?

Because shared-secret mechanisms require the password in plaintext for
comparison?

p at rick

-- 
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>


More information about the Cyrus-sasl mailing list