Clear text password and MySQL
Eric S. Pulley
eric at hamparts.com
Tue Mar 16 18:07:09 EST 2004
--On Tuesday, March 16, 2004 2:13 PM -0800 Joe Rhett <jrhett at isite.net>
wrote:
> On Wed, Feb 04, 2004 at 11:41:06AM -0800, Eric S. Pulley wrote:
>> In this scenario you are still passing the SALT in clear text to the db
>> but IMO this is much better than having your users logging in with
>> plaintext passwords over an open network. Especially if your DB is on
>> the same host as cyrus-imap since you can contain it to a socket and not
>> use a network at all for the DB lookups.
>
> So what is the gain here, really? I may be wrong, but I suspect that
> you've confused yourself on what you are protecting. If you aren't using
> TLS, then the password is going over the network in cleartext anyway.
>
> If imapd is on a different host than the db, then the encrypted password
> is going with the salt... so effectively cleartext.
Yes, you are correct. However, the SQL query is going over a switched
network segment you have control over, not the Internet at large. Or, even
better, a socket on a black box. If your config requires you to pass the
SQL query over an insecure subnet then you should, of course, SSL encode
the DB connection. This allows you to use cram or digest at the mail
client, leaving the admin to deal with the security of the backend, not some
confused user setting up their account. Plus it still allows the admin
access to the cleartext password in the DB.
But it all comes down to where you want to take your risks. I'm not saying
you shouldn't use TLS/SSL wherever you can in addition to any other
security you have in place. This solution is specifically to allow cram
and digest connections to the imap server from the Internet while still
having a cleartext password in the SQL table. I would not recommend it if
you do not have this requirement.
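As an added illustration of the trade-off discussed above (example code, not from the thread or from Cyrus): in CRAM-MD5 only the challenge and an HMAC digest cross the wire, but the verifying side must hold the cleartext password to recompute that HMAC, which is why the SQL table cannot store a one-way hash instead. The user table, host name and password below are constructed sample values.

```python
import hashlib
import hmac
import os
import time

# Constructed stand-in for the SQL table the thread discusses. The server
# can only verify a CRAM-MD5 response if it has the cleartext password,
# because HMAC uses the password itself as the key.
USER_TABLE = {"alice": "correct horse battery"}  # constructed sample row


def make_challenge(host: str = "imap.example.test") -> str:
    """Server side: an RFC 2195 style challenge '<pid.timestamp@host>'."""
    return f"<{os.getpid()}.{int(time.time())}@{host}>"


def client_response(user: str, password: str, challenge: str) -> str:
    """Client side: 'user HEX(HMAC-MD5(password, challenge))'.
    Only this digest is sent; the password itself never leaves the client."""
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return f"{user} {digest}"


def verify_response(response: str, challenge: str, table=USER_TABLE) -> bool:
    """Server side: recompute the digest from the stored cleartext password
    and compare in constant time. Unknown users, malformed responses and
    responses for a different challenge all fail."""
    parts = response.split(" ")
    if len(parts) != 2:
        return False
    user, digest = parts
    stored = table.get(user)
    if stored is None:
        return False
    expected = hmac.new(stored.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    ch = make_challenge()
    print("challenge:", ch)
    resp = client_response("alice", "correct horse battery", ch)
    print("response: ", resp)
    print("verified: ", verify_response(resp, ch))
```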
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html