Hashed User Passwords in Database

Artur Hefczyc <artur.hefczyc@tigase.net> v2.0, June 2014: Reformatted for AsciiDoc. :toc: :numbered: :website: http://tigase.net :Date: 2012-10-09 03:13

By default user passwords are stored in plain-text in the Tigase’s database. However, there is an easy way to have them encoded in either one of already supported ways or to even add a new encoding algorithm on your own.

The reason to store passwords in plain-text format in the database is to make it possible to avoid plain-text password authentication mechanism. At the moment you cannot have hashed passwords in the database and non-plain-text password authentication. On the other hand, the connection between the server and the client is almost always secured by SSL/TLS so maybe the plain-text password authentication method is less of a problem than storing plain-text passwords in the database.

Nevertheless, it is simple enough to adjust this in Tigase’s database and we will add an option in the Tigase installer to allow you to make the decision at installation time.