
Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)





On 10/1/07, Joshua D. Drake <..hidden..> wrote:

Chris Travers wrote:
> On 10/1/07, Joshua D. Drake <..hidden..> wrote:
>> -
>>
>> passwords will not be stored as plain text... they will be an encrypted
>> hash. I am not understanding the problem.
>
>
> Log in to LedgerSMB with your DB username and password.
>
> Click on a link.  How does the application know what password to use to log
> into the db?

You hash and compare?


Ok, maybe I am not being clear.

To log in on the next page you need to provide PostgreSQL with a username and password.  How do we derive what password we send to PostgreSQL and where do we store this (it would have to be stored in the clear somewhere since we have to pass it via the DBI connect routine)?

Best Wishes,
Chris Travers
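
The problem raised in this message, as an added example that is not part of the original thread or LedgerSMB's code: a hash kept by the application can verify a user but cannot be presented to the database as a password, whereas with HTTP Basic authentication the browser resends the credentials on every request, so they can be passed to the connect call without being stored server-side. It is written in Python rather than Perl; `db_connect`, the role table and all credentials are constructed stand-ins, and it assumes the "HTTP Auth" in the subject means Basic authentication.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed stand-in for the database server: only it knows the role's
# password, and it accepts a connection only for that cleartext password.
_DB_ROLES = {"alice": "s3cret:with:colons"}

def db_connect(user, password):
    """Hypothetical stand-in for a DBI-style connect(user, password) call."""
    expected = _DB_ROLES.get(user)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())

def parse_basic_auth(header):
    """Return (user, password) from an Authorization header, or None if malformed."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # only the first ':' separates
    if not sep or not user:
        return None
    return user, password

def handle_request(headers):
    """Connect to the database with the credentials carried by this request."""
    creds = parse_basic_auth(headers.get("Authorization"))
    if creds is None or not db_connect(*creds):
        return 401  # browser prompts again; nothing was kept between requests
    return 200

def stored_hash(password, salt=b"constructed-salt"):
    """What an application-side 'hash and compare' scheme would keep."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def make_header(user, password):
    """Build the header a browser would send for these credentials."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```

Because the password travels with every request, this approach depends on the connection being encrypted in transit.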