It might be a very good idea to note users who are trying to register for a particular transport, that the password has to be stored in clear on the server. We could encrypt the password based on the XMPP password, but that way the admin can still extract the cleartext password from RAM.
It might be a very good idea to note users who are trying to register for a particular transport, that the password has to be stored in clear on the server. We could encrypt the password based on the XMPP password, but that way the admin can still extract the cleartext password from RAM.
So in any case, let's warn the users properly.