DeskNow Knowledge Base
 
      
Home Security Is DeskNow using clear text passwords?

Is DeskNow using clear text passwords?

No. Since version 2.0 (June 2003), DeskNow encrypts login passwords that are transmitted from the browser to the server with a very high security standard.

The passwords are hashed using the 128bit MD5 algorithm, with once-only 'salt' tokens. It is mathematically impossible to decode a password from its hashed value.

This is more advanced than most commercial web applications on the market (many oh which still use plain text passwords, or very easily decoded ones).

Since version 1.0, in addition, DeskNow has supported 128bit SSL encryption of all communications.

There are also other encoding options for passwords (ex. 3DES). See this article: http://www.desknow.com/kb/idx/5/004/article/

Note: these comments are valid for the normal login to DeskNow. Authentication via other channels like WebDAV/Webfolders, SMTP, POP3, DirectFiles (which uses the HTTP protocol authentication) is performed according to the respective protocol, which can be weak. This is a shortcoming of the protocols. We recommend using SSL over all these protocols where strong security is required.

Email Article Email
Print Article Print


How helpful was this article to you?
Related Articles
article When opening some emails in my web browser, I see this text: DN_XSS_NEUTRALIZE
This text indicates that DeskNow has blocked...

  November 30, 2005    Views: 28497   
article How do I use DeskNow with SQL Server 2005 (Express or Enterprise) (DeskNow 3.1)?
These instructions apply only to DeskNow 3.1...

(No rating)  May 23, 2006    Views: 16845   
article How do I use DeskNow with IIS?
DeskNow can coexist with IIS in many ways....

  August 12, 2004    Views: 64283   



Powered by Lore :: (c)2003 Pineapple Technologies.