apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@covalent.net
Subject Re: cvs commit: apr/test aprtest.dsp aprtest.dsw aprtest.win Makefile.in sendfile.c testmmap.c client.dsp htdigest.dsp server.dsp test.dsw testarg.dsp testfile.dsp testproc.dsp testsig.dsp testsock.dsp testsuite.dsw testthread.dsp testucs.dsp timetest.dsp
Date Mon, 04 Dec 2000 23:11:54 GMT

> > I would really prefer that we keep some way to encode passwords in
> > APR.  This is a portability issue, so -1 (vote, not veto) for removing
> > md5 from APR.
> 
> I'm +1 on moving them to apr-util ... MD5 hashing is entirely portable. That
> is also where SHA-1 hashing is located.
> 
> (the standard crypt() is generally non-portable and would remain in APR;
>  that should solve Ryan's request for a way to hash [not encode] passwords)

We don't have a crypt routine, and there has been no discussion of putting
crypt into APR so far.  Plus, for backwards compatability with 1.3, APR
will need to understand how to check for MD5 passwords.  Unless we can
find some way to get APR to encode MD5 passwords without putting MD5 in
APR, this needs to remain in APR.

Otherwise, andbody who chose to create MD5 password files will need to
re-create their password files for 2.0.  I am -1 for forcing them to do
that, and that is a veto.

Ryan

_______________________________________________________________________________
Ryan Bloom                        	rbb@apache.org
406 29th St.
San Francisco, CA 94131
-------------------------------------------------------------------------------



Mime
View raw message