On 4/21/05, Christoph hanle <christoph dot hanle at leinpfad dot de> wrote:
> Neil A. Hillard wrote:
> >>I think it is not a good solution that in the webgui and the config.xml
> >>the passwords for PPPoE etc. and the pre-shared-key are always visible in
> >>cleartext; the admin password is hidden or encrypted
> >>respectively. IMHO this is a big problem with the security.
> > Try:
> > http://www.m0n0.ch/wall/docbook/faq-plaintextpass.html
> Thx, I have overlooked this part, but I think it might be possible to
> encrypt/decrypt these passwords, for example against the admin-password.
> And in the web-gui you can use the "hidden" tag.
> But I still think this is a big security hole that should be fixed.
It can't be fixed. Any "fix" would be nothing more than obfuscation.
Creating a false sense of security is worse than making it clear there
should be *no* sense of security.
That FAQ explains why very well.
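
Added example, not part of the original thread and not m0n0wall code: a sketch of the proposed "encrypt against the admin password" scheme, showing why the reply calls it obfuscation. Assumptions: the element names `adminhash` and `pppoe_sealed`, the SHA-256 admin hash, and the toy keystream cipher are hypothetical stand-ins; the firewall is assumed to bring the link up unattended, so the key can only come from what is stored in the same file.

```python
import hashlib
import xml.etree.ElementTree as ET


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); stand-in for any symmetric cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal_config(admin_password: str, pppoe_password: str) -> str:
    """What the proposed scheme would write to config.xml (hypothetical layout)."""
    # Assumption: only a hash of the admin password is stored, so the hash is the key.
    admin_hash = hashlib.sha256(admin_password.encode()).hexdigest()
    sealed = keystream_xor(bytes.fromhex(admin_hash), pppoe_password.encode())
    root = ET.Element("config")
    ET.SubElement(root, "adminhash").text = admin_hash
    ET.SubElement(root, "pppoe_sealed").text = sealed.hex()
    return ET.tostring(root, encoding="unicode")


def recover_from_file(config_xml: str) -> str:
    """Uses nothing but the file's contents, exactly as the firewall must at boot."""
    root = ET.fromstring(config_xml)
    key = bytes.fromhex(root.findtext("adminhash"))
    sealed = bytes.fromhex(root.findtext("pppoe_sealed"))
    return keystream_xor(key, sealed).decode()


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    cfg = seal_config("constructed-admin-pw", "constructed-pppoe-pw")
    print(cfg)                     # no cleartext PPPoE password is visible here
    print(recover_from_file(cfg))  # yet the file alone is enough to get it back
```

Whoever can read the file holds the same inputs as the boot-time decryption routine, so the practical control is restricting access to config.xml and its backups.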