[horde] Horde 4 and custom passwd driver

Jan Schneider jan at horde.org
Mon Mar 19 15:20:45 UTC 2012


Zitat von Vilius ?umskas <vilius at lnk.lt>:

>> >> Actually I could probably do the 'db' setup already in the sql-backend
>> >> configuration itself, by passing the necessary params already there.
>> >> But I'm going to test that later.
>> >
>> > Just curious why don't you use ordinary Sql driver for this? It
>> > already can do custom queries. Or do you use any encryption algorith
>> > which is not implemented?
>>
>> The latter, I use a bcrypt-base64 algorithm to hash the passwords.
>>
>> Do you think it would be easier to add support for that?
>>
>> I attached my driver.
>
> I'm not familiar with bcrypt but from what I see and given that your  
> patch would be accepted into upstream, it probably would be easier.
>
> Check Horde_Auth library Auth.php file.
>
> P.S. You can upload finished contributions at http://bugs.horde.org.

Agreed. I see a few problems with your implementation though:
- you cannot use plain base64_encode(), bcrypt requires a modified  
base64 implementation.
- I very much doubt that str_shuffle is sufficiently random enough to  
generate salts, you want a better random source.

-- 
The Horde Project
http://www.horde.org/



More information about the horde mailing list