[dev] security idea

Chuck Hagenbuch chuck@horde.org
Mon, 06 Nov 2000 15:28:32 -0500 (EST)


Quoting Jon Parise <jon@csh.rit.edu>:

> I think a good short-term action would be to encrypt the passwords
> stored in the session data with some simple key ($conf['sitename'])
> for the time being.  It's in no way "secure", but it keeps plaintext
> passwords from being out in the open.

Okay - I'll work on something like this, with the idea that a cookie value (or
something else) might be used as the key later.

Any ideas on what to use for the encryption? I'd like to not require mcrypt -
I'm looking at the package.HCEMD5 code that we've had around for a while...

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
"If you can't stand the heat, get out of the chicken!" - Baby Blues