web500gw has the abilitiy to change passwords.
Passwords are stored in plain text always, and by this,
this feature is not usable at all.
It would be nice if support for crypt and MD5 passwords
could be added if possible.
Logged In: YES
This sounds like a nice feature.
Changing passwords should be fairly easy to implement.
Cleartext over the web but stored encrypted.
password was md5?
y - encrypt md5 before storing
password was des?
y - encrypt des before storing
store as clean text
For newly added passwords it's a bit more work. The
problem is, you can't know what encryption is provided...
At the moment I'm out of time. But this definately is a
nice feature to have. Maybe you could jump in and help out?
Logged In: YES
First, I wouldn't recommend cleartext / HTTP. It may be
possible to use somethink like sslwrap or running web500gw
in CGI mode via HTTPS from the webserver. At least the last
should work, ain't?
Second, I would recommend at least as option to specify the
algorithm to use on any encryption in the conf file. I would
like to have MD5 always, no users choice. But well, this is
a policy thing. Alternativly the HTML Form may get a new
button or SELECT box.
Currently I'm short in time, too and cannot estimated the
needed time. Seems to requires some MD5 lib which needs to
be added. Well, crypt shouldn't be a problem. If I'll find
some time I will try it, and will send you a patch - but
don't rely on that :)
I have looked through the code i got from other users and
realized, that crypted passwords are somehow supported in
the local modifications from Queen Mary Univerity. If you
have the time to look through the code I could put it on