[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)
- Subject: Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)
- From: "Joshua D. Drake" <..hidden..>
- Date: Tue, 02 Oct 2007 08:46:08 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chris Nighswonger wrote:
> On 10/1/07, Chris Travers <..hidden..> wrote:
> Maybe hash it in the Java script (or whatever method you choose),
> store the hash in a cookie, transmit the hash, have the code unhash
> and pass the password to the DBI connect routine. Thus the only place
> the password is in plain text is in the connect routine. (One must
> wonder why the connect routine is not written to take hashed passwords
> to begin with.)
Or perhaps just require ssl connectivity to postgresql.
Joshua D. Drake
>
> Regards,
> Chris
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Ledger-smb-devel mailing list
> ..hidden..
> https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
>
- --
=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 24x7/Emergency: +1.800.492.2240
PostgreSQL solutions since 1997 http://www.commandprompt.com/
UNIQUE NOT NULL
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHAmfAATb/zqfZUUQRAhjLAJ9+EMxNd4K9R22MVQg1OmDz8roHsACeJnI1
qTBDnNuWnkkzuFoZBGldnO0=
=QO37
-----END PGP SIGNATURE-----