From: Gary K. <gr...@re...> - 2006-10-24 23:17:05
Daniel Atallah wrote:
> On 10/24/06, Ethan Blanton <el...@ps...> wrote:
>> How are the trac passwords stored? Are we going to put the login form
>> behind SSL? (That is, do I need to make up Yet Another throwaway
>> password for this thing?)
>
> An excellent question.
>
> The password is hashed and the hash stored in a htdigest2 compatible file.
>
> I'm assuming that we will be using SSL when we get the cert, but
> currently the password is submitted in plain-text over HTTP.
>
> Someone motivated could probably without much difficulty update the
> AccountManagerPlugin to be capable of hashing the password in JavaScript
> and send the hash - that would be neat.
>
> -D

Why not use digest or digest-md5 instead of basic?

--
Gary Kramlich <gr...@re...>