http://bugs.winehq.org/show_bug.cgi?id=28660 Bug #: 28660 Summary: appdb uses phisable/replayable credentials Product: WineHQ Apps Database Version: unspecified Platform: All OS/Version: All Status: UNCONFIRMED Severity: minor Priority: P2 Component: appdb-unknown AssignedTo: wine-bugs(a)winehq.org ReportedBy: kevinperson(a)topicbox.com Classification: Unclassified The recent compromise of the winehq authentication databases highlights the problem with using passwords as authentication credentials: they can be stolen, and then you have to tell all your users their passwords are out there. Use of an authentication server like OpenID (you can't lose secrets if you don't keep them on your server) or a challenge-response scheme like client-side SSL certs or phone verification avoids this problem. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.