O'Reilly logo
  • LUIS ENRIQUE LEON thinks this is interesting:

An attacker could potentially decrypt this file to discover the password, particularly when the attacker has knowledge of the key and encryption scheme used by the program. Passwords should be protected even from system administrators and privileged users. Consequently, using encryption is only partly effective in mitigating password disclosure threats.


Cover of Java™ Coding Guidelines: 75 Recommendations for Reliable and Secure Programs


using encryption is ONLY PARTLY EFFECTIVE in mitigating password disclosure threats