Quote:
Originally Posted by George_B
Every account is stored in a separate database, accessed by a different set of login credentials. Furthermore, information is encrypted using a different salt for each account.
In the case of third-party SMTP servers we are forced to store it in the clear however. It's still protected in its own secure database.
|
Thanks for the clarification. I'm thinking you could perhaps encrypt third-party credentials with the user's own password so that it is decrypted only when needed... But what you're doing is still leaps and bounds better than some other providers (ahem FM ahem) who didn't even encrypt their users' passwords the last time the topic came up in these forums. That should be good enough unless OP is
really paranoid.