From: Ethan B. <el...@ps...> - 2006-10-24 21:04:18
Daniel Atallah spake unto us the following wisdom:

> An excellent question.
>
> The password is hashed and the hash stored in a htdigest2 compatible file.

Hashed with a real hash, and as such safe on disk?

> I'm assuming that we will be using SSL when we get the cert, but
> currently the password is submitted in plain-text over HTTP.

Can trac be made to use SSL only for logins/etc., and non-SSL for everything else? I assume we don't want SSL for the entire tracker and wiki. If this is the case, can we get a self-signed certificate installed temporarily?

> Someone motivated could probably without much difficulty update the
> AccountManagerPlugin to be capable of hashing the password in javascript
> and send the hash - that would be neat.

That hash would be plaintext-equivalent, though, so while it wouldn't disclose the password you typed in, it wouldn't fix anything about plaintext login.

Ethan

--
The laws that forbid the carrying of arms are laws [that have no remedy for evils]. They disarm only those who are neither inclined nor determined to commit crimes.
-- Cesare Beccaria, "On Crimes and Punishments", 1764
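The point Ethan makes about a client-side hash being plaintext-equivalent, worked through as an added example (not code from the thread, trac, or the AccountManagerPlugin): an htdigest-format store holds MD5 over `user:realm:password`, the server verifies a plaintext login by recomputing that value, and if the client sent the hash instead, the server could only compare it with the stored value, so the hash itself becomes the reusable credential. The realm name and the user/password values below are constructed for the demonstration.

```python
import hashlib
import hmac

REALM = "trac"  # assumed realm name; the thread does not state one


def digest_hash(user: str, realm: str, password: str) -> str:
    """htdigest hash: hex MD5 over 'user:realm:password'.
    The realm is shared by every user, so there is no per-user salt."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()


def htdigest_line(user: str, realm: str, password: str) -> str:
    """One line of an htdigest(2)-format file: user:realm:hash."""
    return f"{user}:{realm}:{digest_hash(user, realm, password)}"


def parse_htdigest(text: str) -> dict:
    """Map (user, realm) -> stored hash, skipping blanks and comments."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, realm, stored = line.split(":", 2)
        entries[(user, realm)] = stored
    return entries


def check_password(entries: dict, user: str, realm: str, password: str) -> bool:
    """Plaintext login as the thread describes it: the server recomputes the
    digest from the submitted password and compares it with the stored one."""
    stored = entries.get((user, realm))
    if stored is None:
        return False
    return hmac.compare_digest(stored, digest_hash(user, realm, password))


def check_client_hash(entries: dict, user: str, realm: str, submitted: str) -> bool:
    """The proposed JavaScript scheme: the client sends the digest itself.
    The server has nothing to do but compare it with the stored value, so
    the value on the wire (and the value on disk) is plaintext-equivalent."""
    stored = entries.get((user, realm))
    if stored is None:
        return False
    return hmac.compare_digest(stored, submitted)
```

The stored digest passes `check_client_hash` unchanged, which is why hashing in the browser does not replace SSL on the login path.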