apr-dev mailing list archives

From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [PATCH] apr_password_validate with LIBEAY des_fcrypt support take 2
Date Mon, 24 Sep 2001 00:04:38 GMT
From: "Ryan Bloom" <rbb@covalent.net>
Sent: Sunday, September 23, 2001 4:16 PM


> On Sunday 23 September 2001 01:24 am, Mladen Turk wrote:
> > > -----Original Message-----
> > > From: Justin Erenkrantz [mailto:jerenkrantz@ebuilt.com]
> > > Sent: Sunday, September 23, 2001 12:51 AM
> > > To: Mladen Turk
> > > Cc: APR Dev List
> > > Subject: Re: [PATCH] apr_password_validate with LIBEAY des_fcrypt support
> > >
> > > > Here is a patch that uses dso to load a libeay32.dll from openssl and
> > > > enables apr to validate a password using des_fcrypt.
> > >
> > > What happens if this dll is not available?  I don't think we're
> > > enforcing users to have OpenSSL.
> >
> > Nothing happens!
> > It falls back to the original behavior if the dll couldn't be loaded at
> > runtime.
> 
> I dislike this.  My concern is that if you take the same binary to 2 different
> Windows machines, you will get two different results.  I would prefer to just
> have APR always use md5 hashes to protect passwords.  We could basically
> just document the des option as deprecated, and only provided for backwards
> compat with older systems.

Huh?  Are you suggesting that des is deprecated on Win32, or _ALL_ platforms?

> If we do this, then we shouldn't need DES on Windows.

True.

