[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Nighswonger wrote:
> On 10/1/07, Chris Travers <..hidden..> wrote:

> Maybe hash it in the Java script (or whatever method you choose),
> store the hash in a cookie, transmit the hash, have the code unhash
> and pass the password to the DBI connect routine. Thus the only place
> the password is in plain text is in the connect routine. (One must
> wonder why the connect routine is not written to take hashed passwords
> to begin with.)

Or perhaps just require ssl connectivity to postgresql.

Joshua D. Drake


> 
> Regards,
> Chris
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Ledger-smb-devel mailing list
> ..hidden..
> https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
> 


- --

      === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564   24x7/Emergency: +1.800.492.2240
PostgreSQL solutions since 1997  http://www.commandprompt.com/
			UNIQUE NOT NULL
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHAmfAATb/zqfZUUQRAhjLAJ9+EMxNd4K9R22MVQg1OmDz8roHsACeJnI1
qTBDnNuWnkkzuFoZBGldnO0=
=QO37
-----END PGP SIGNATURE-----