2 Oct 2007 17:45
Re: Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)
Chris Travers wrote: > On 10/1/07, Joshua D. Drake <jd@...> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Chris Travers wrote: >>> On 10/1/07, Joshua D. Drake <jd@...> wrote: >>>> - >>>> >>>> passwords will not be stored as plain text... they will be an encrypted >>>> hash. I am not understanding the problem. >>> >>> Log in to LedgerSMB with your DB username and password. >>> >>> Click on a link. How does the application know what password to use to >> log >>> into the db? >> You hash and compare? > > > > Ok, maybe I am not being clear. > > To log in on the next page you need to provide PostgreSQL with a username > and password. How do we derive what password we send to PostgreSQL and > where do we store this (it would have to be stored in the clear somewhere > since we have to pass it via the DBI connect routine)? Ahhh o.k. that makes more sense. Let me noodle. > > Best Wishes, > Chris Travers > > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > > > ------------------------------------------------------------------------ > > _______________________________________________ > Ledger-smb-devel mailing list > Ledger-smb-devel@... > https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel -- === The PostgreSQL Company: Command Prompt, Inc. === Sales/Support: +1.503.667.4564 24x7/Emergency: +1.800.492.2240 PostgreSQL solutions since 1997 http://www.commandprompt.com/ UNIQUE NOT NULL Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate PostgreSQL Replication: http://www.commandprompt.com/products/
RSS Feed