[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)

Subject: Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)
From: "Joshua D. Drake" <..hidden..>
Date: Tue, 02 Oct 2007 08:45:05 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Travers wrote:
> On 10/1/07, Joshua D. Drake <..hidden..> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Chris Travers wrote:
>>> On 10/1/07, Joshua D. Drake <..hidden..> wrote:
>>>> -
>>>>
>>>> passwords will not be stored as plain text... they will be an encrypted
>>>> hash. I am not understanding the problem.
>>>
>>> Log in to LedgerSMB with your DB username and password.
>>>
>>> Click on a link.  How does the application know what password to use to
>> log
>>> into the db?
>> You hash and compare?
> 
> 
> 
> Ok, maybe I am not being clear.
> 
> To log in on the next page you need to provide PostgreSQL with a username
> and password.  How do we derive what password we send to PostgreSQL and
> where do we store this (it would have to be stored in the clear somewhere
> since we have to pass it via the DBI connect routine)?

Ahhh o.k. that makes more sense. Let me noodle.

> 
> Best Wishes,
> Chris Travers
> 
> 
> 
> ------------------------------------------------------------------------
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Ledger-smb-devel mailing list
> ..hidden..
> https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel


- --

      === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564   24x7/Emergency: +1.800.492.2240
PostgreSQL solutions since 1997  http://www.commandprompt.com/
			UNIQUE NOT NULL
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHAmeBATb/zqfZUUQRAjWhAJ4nQ7IwyVdkZAE+zzIq27XGgeIoPgCePbtf
/iuXAEh6ulIoyIMa7jISW8s=
=kX1o
-----END PGP SIGNATURE-----

References:
- Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)
  - From: Chris Travers
- Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)
  - From: Joshua D. Drake
- Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)
  - From: Chris Travers
- Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)
  - From: Joshua D. Drake
- Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)
  - From: Chris Travers

Prev by Date: Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)
Next by Date: Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)
Previous by thread: Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)
Next by thread: Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)
Index(es):
- Date
- Thread