[Tickets #3696] Add authentication for remote calendars
bugs@bugs.horde.org
bugs at bugs.horde.org
Tue Mar 28 15:10:38 PST 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=3696
-----------------------------------------------------------------------
Ticket | 3696
Updated By | tevans at tachometry.com
Summary | Add authentication for remote calendars
Queue | Kronolith
Version | HEAD
State | Feedback
Priority | 1. Low
Type | Enhancement
Owners |
-----------------------------------------------------------------------
tevans at tachometry.com (2006-03-28 15:10) wrote:
OK - no problem. I wanted to obfuscate the value in the database without
hard-wiring any magic cookies in the code. However, I agree it's not
particularly secure, and we can make it a bit stronger by separating the key
from the encrypted value.
As an (imperfect) alternative, I could add a configuration parameter in the
Horde setup for a global encryption key, optionally generating a random
value for a new Horde installation where no key exists. If this makes sense,
I can also declare a new setup configuration tab to define shared encryption
parameters (key, key strength, algorithm, etc.). I can then plug these
parameters into the Secret class. I will also add some convenience methods
for the Base64 string wrapper.
I'll put together a fresh patch with these additional changes for your
review. I'm also open to other suggestions. Do yo think this same approach
would work to protect the IMP fetch mail credentials?
Thanks,
Tom
More information about the bugs
mailing list