From: Joel T. N. <joe...@wm...> - 2008-04-28 20:14:26
|
Hi, It seems when the system times outs, the password is entered into the database. Is this your findings? Joel Norman ----- Original Message ----- From: Bob Wicksall <bwi...@pl...> Date: Monday, April 28, 2008 10:49 am Subject: Re: [VuFind-Tech] Password Retention on LDAP Authentication > I'm not using LDAP but I adapted the same code to work with SIP. > It doesn't look like the password is being intentionally stored > but the user->password variable is being set. If the user somehow > initiated a second logon and this value is still set it could be > inserted into the database. I'd have to do some testing but it > might happen after a users session times out and they logon again. > > Bob > > ----- Original Message ----- > From: "Joel Timothy Norman" <joe...@wm...> > To: vuf...@li... > Sent: Friday, April 25, 2008 2:27:30 PM (GMT-0500) America/New_York > Subject: [VuFind-Tech] Password Retention on LDAP Authentication > > Hi, > > I am running LDAP Authentication. I have noticed that random user > passwords are saved into the mysql database. I would rather not > retain this information since the ldap password is subject to > change. I would rather not be responsible for such items. Is this > a fluke or a feature? Has anyone else experienced this? > > Joel Norman > > > -------------------------------------------------------------------- > ----- > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > Don't miss this year's exciting event. There's still time to save > $100. > Use priority code J8TL2D2. > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone > _______________________________________________ > Vufind-tech mailing list > Vuf...@li... > https://lists.sourceforge.net/lists/listinfo/vufind-tech > > |