From: Ethan B. <el...@ps...> - 2006-10-24 23:27:26

Gary Kramlich spake unto us the following wisdom:
> Daniel Atallah wrote:
> > On 10/24/06, Ethan Blanton <el...@ps...> wrote:
> >> How are the trac passwords stored? Are we going to put the login form
> >> behind SSL? (That is, do I need to make up Yet Another throwaway
> >> password for this thing?)
> >
> > An excellent question.
> >
> > The password is hashed and the hash stored in an htdigest2-compatible file.
> >
> > I'm assuming that we will be using SSL when we get the cert, but
> > currently the password is submitted in plain-text over HTTP.
> >
> > Someone motivated could probably without much difficulty update the
> > AccountManagerPlugin to be capable of hashing the password in javascript
> > and sending the hash - that would be neat.
> >
> > -D
>
> Why not use digest or digest-md5 instead of basic?

I actually prefer basic + ssl for this, as it means my password won't be
stored on disk in the clear. Certificate-based auth would be even better. ;-)

Ethan

-- 
The laws that forbid the carrying of arms are laws [that have no remedy
for evils]. They disarm only those who are neither inclined nor determined
to commit crimes.
-- Cesare Beccaria, "On Crimes and Punishments", 1764
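As an added illustration (not code from this thread or from Trac/AccountManagerPlugin), the following shows how the htdigest storage Daniel describes and the Digest authentication Gary suggests fit together, and why the stored file is password-equivalent. The realm, user name, password and nonce are constructed sample values.

```python
import hashlib
import hmac

def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def htdigest_line(user: str, realm: str, password: str) -> str:
    """Line as Apache's htdigest writes it: user:realm:HA1, HA1 = MD5(user:realm:password)."""
    return f"{user}:{realm}:{_md5(f'{user}:{realm}:{password}')}"

def load_htdigest(text: str) -> dict:
    """Parse htdigest file contents into {(user, realm): HA1}."""
    creds = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            user, realm, ha1 = line.split(":", 2)
            creds[(user, realm)] = ha1
    return creds

def digest_response(ha1: str, method: str, uri: str, nonce: str) -> str:
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2), where HA2 = MD5(method:uri)."""
    return _md5(f"{ha1}:{nonce}:{_md5(f'{method}:{uri}')}")

def client_response(user, realm, password, method, uri, nonce) -> str:
    """What the browser sends: it needs the real password to derive HA1."""
    return digest_response(_md5(f"{user}:{realm}:{password}"), method, uri, nonce)

def server_verify(creds, user, realm, method, uri, nonce, response) -> bool:
    """What the server checks: only the stored HA1 is needed, never the password."""
    ha1 = creds.get((user, realm))
    if ha1 is None:
        return False
    return hmac.compare_digest(digest_response(ha1, method, uri, nonce), response)

# Constructed sample data (not taken from the thread).
REALM, USER, PASSWORD = "trac", "ethan", "correct horse"
HTDIGEST_FILE = htdigest_line(USER, REALM, PASSWORD) + "\n"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"  # fixed sample nonce; a server picks one per challenge

def demo() -> bool:
    creds = load_htdigest(HTDIGEST_FILE)
    good = client_response(USER, REALM, PASSWORD, "GET", "/login", NONCE)
    bad = client_response(USER, REALM, "wrong", "GET", "/login", NONCE)
    accepted = server_verify(creds, USER, REALM, "GET", "/login", NONCE, good)
    rejected = not server_verify(creds, USER, REALM, "GET", "/login", NONCE, bad)
    # The stored HA1 alone reproduces a valid response, so the htdigest file is
    # password-equivalent within this realm and needs plaintext-grade protection.
    ha1_suffices = digest_response(creds[(USER, REALM)], "GET", "/login", NONCE) == good
    return accepted and rejected and ha1_suffices
```

This is the trade-off behind Ethan's preference: Digest keeps the password off the wire but forces the server to store a reusable HA1, whereas Basic over TLS lets the server store a salted, slow hash that is useless on its own.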