[imp] Password disclosure
Lars Hecking
lhecking@nmrc.ucc.ie
Mon, 26 Nov 2001 10:33:55 +0000
Lars Hecking writes:
>
> > No, this is our issue. People asked so many times to make the login
> > credentials available to all Horde apps, that we put it in the session
> > data. Unfortunately no one had the time so far to store it encrypted.
>
> Can you please provide a patch that leaves out this information
> until it is fixed properly?
>
> One doesn't store cleartext passwords. Never ever.
>
> > But that will hopefully be fixed before the release.
Can someone please point out how to disable either writing the
password to the session file or writing the session file altogether?
I poked around in horde/lib/Prefs.php, but couldn't really make much
sense of it.