Security of LibreSource http://dev.libresource.org/home/community/forum/5f2af37dc0a8001e01fb853a9cf5d56a RE : Security of LibreSource http://dev.libresource.org/home/community/forum/5f2af37dc0a8001e01fb853a9cf5d56a/6f984fadc0a8001e008593d05176d5be Guest 2006-01-11T12:22:54+01:00 so6.properties file. It can be decoded using a Base64 decoder. Thus, you might also consider to protect your .so6 subdirectory.]]> RE : Security of LibreSource http://dev.libresource.org/home/community/forum/5f2af37dc0a8001e01fb853a9cf5d56a/6e4f3fb5c0a8001e01c13c28a3c38454 Rüdiger Lincke 2006-01-11T12:22:54+01:00 RE : Security of LibreSource http://dev.libresource.org/home/community/forum/5f2af37dc0a8001e01fb853a9cf5d56a/5f7254abc0a8001e0179bcddb7a721b1 Sebastien Jourdain 2006-01-11T12:22:54+01:00 We use the Basic authentication system, so it's possible to retreive your password if you listen the tcp packet of the network.

But it's possible to use the SSL connection of Tomcat. Then any web access will be secured.

But there is no Synchronizer client that support SSL, except in our enterprise version.

Concerning the data stored in the database, it's impossible to retreive your real password. Only a hash is stored.

After it's up to you. But, on the web I always use another password. ;-)

Artenum team]]> Security of LibreSource http://dev.libresource.org/home/community/forum/5f2af37dc0a8001e01fb853a9cf5d56a/5f2af44fc0a8001e0054d8caf0a3c09c Rüdiger Lincke 2006-01-11T12:22:54+01:00 I just wonder, how security in LibreSource is handled. Are the user accounts save, I mean when I log in, it is not a SSL secured connection, so it could be possible to see my password as plain text and though retrieve my username and password.

Is it secure to use our local passwords? Or should be use different passwords for our LibreSource accounts? (I know you should have basically for every account a separate password)]]>