[dev] [patch] Re: [cvs] commit: framework/Auth/Auth ldap.php horde/config conf.xml horde/docs CHANGES

Roel Gloudemans roel at gloudemans.info
Wed Jun 1 23:44:27 PDT 2005


>> Security wise you this should be required. If an administrator should
>> forget to set it, all passwords would be stored e.g. in cleartext (the
>> obvious default value if not set) in the directory, without the admin
>> realizing it.
>
> Agreed, but that is why we set a non-cleartext default value. (md5-hex
> is currently the default)

Indeed, if encryption is not set, getCrypted assumes a default value. 
Patch attached.

Cheers,
Roel.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldap.patch
Type: text/x-patch
Size: 498 bytes
Desc: not available
Url : http://lists.horde.org/archives/dev/attachments/20050601/e6e77a87/ldap.bin


More information about the dev mailing list