apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Bloom <...@covalent.net>
Subject Re: [PATCH] apr_password_validate with LIBEAY des_fcrypt support take 2
Date Sun, 23 Sep 2001 21:16:19 GMT
On Sunday 23 September 2001 01:24 am, Mladen Turk wrote:
> > -----Original Message-----
> > From: Justin Erenkrantz [mailto:jerenkrantz@ebuilt.com]
> > Sent: Sunday, September 23, 2001 12:51 AM
> > To: Mladen Turk
> > Cc: APR Dev List
> > Subject: Re: [PATCH] apr_password_validate with LIBEAY des_fcrypt support
> >
> > > Here is a patch that uses dso to load a libeay32.dll from
> >
> > openssl an enables
> >
> > > apr to validate a password using des_fcrypt.
> >
> > What happens if this dll is not available?  I don't think we're
> > enforcing users to have OpenSSL.
>
> Nothing happens!
> It falls back to the original behavior if the dll coudn't be loaded at
> runtime.

I dislike this.  My concern is that if you take the same binary to 2 different
Windows machines, you will get two different results.  I would prefer to just
have APR always use md5 hashes to protect passwords.  We could basically
just document the des option as depricated, and only provided for backwards
compat with older systems.

If we do this, then we shouldn't need DES on Windows.

Ryan

______________________________________________________________
Ryan Bloom				rbb@apache.org
Covalent Technologies			rbb@covalent.net
--------------------------------------------------------------

Mime
View raw message