Send password over TCP connection

[Peter Hansen]

Laszlo Zsolt Nagy wrote:
 > Peter Hansen wrote:
>> Ignoring all the other issues, any solution which actually requires 
>> the password to be stored on the server is a bad solution.  
>> Administrators should not have access to user passwords, and in 
>> addition users should not be put in the position of having to trust 
>> your server-side security to keep their passwords (which they might 
>> have used on other systems) from being grabbed by hackers.
>>
> Users will always need to trust in the server. The authentication 
> process ensures that the
> client is really talking with the desired server and vice versa. But 
> even if you know that you
> are talking to the right server, you need to trust in the server. The 
> administrator of the server
> has access to all data. Possibly other persons and softwares too. 
> Passwords are not different from this point of view.

If you're saying that people have no choice but to trust that their 
passwords, stored in the clear on the server of some idiot who didn't 
know better, are safe from casual administrator observation and safe 
from hackers stealing the password file, then you shouldn't be allowed 
anywhere near a supposedly secure system...

If you're just saying that one has to trust that the server you are 
talking to at this instant in time is really the one you thought it was, 
then that's an entirely different issue and I agree.

But storing passwords in the clear, thus allowing administrators full 
access to users' passwords, is absolutely *not* necessary.  That's my 
point, regardless of what other issues this thread spawns.  If the OP 
implements strictly the sequence he mentioned in the posting to which I 
was replying, he'll be the aforementioned idiot...

-Peter