directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1464033 - /directory/site/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.mdtext
Date Wed, 03 Apr 2013 14:11:04 GMT
Author: elecharny
Date: Wed Apr  3 14:11:04 2013
New Revision: 1464033

URL: http://svn.apache.org/r1464033
Log:
Some formating

Modified:
    directory/site/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.mdtext

Modified: directory/site/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.mdtext?rev=1464033&r1=1464032&r2=1464033&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.mdtext Wed
Apr  3 14:11:04 2013
@@ -141,10 +141,10 @@ Here, one of the **userPassword** value 
     return false
 
 <DIV class="note" markdown="1">
-  A few rule of thumb :
-  o Never store a password as plain text. 
-  o Prefer salted methods over non salted ones, and prefer the strongest one (here, SSHA-512
on Studio 2.0, or SSHA)
-  o crypt is also a good choice
-  o Pick strong passwords, otherwise if someone gets access to the list of passwords, he
or she can run a rainbow attack on it.
-  o Keep in mind that whatever you do, the password will be passed in clear text from the
client to the server. Always use startTLS before any bind, or at least use SSL
+  A few rule of thumb :<BR/>
+  o Never store a password as plain text. <BR/>
+  o Prefer salted methods over non salted ones, and prefer the strongest one (here, SSHA-512
on Studio 2.0, or SSHA)<BR/>
+  o crypt is also a good choice<BR/>
+  o Pick strong passwords, otherwise if someone gets access to the list of passwords, he
or she can run a rainbow attack on it.<BR/>
+  o Keep in mind that whatever you do, the password will be passed in clear text from the
client to the server. Always use startTLS before any bind, or at least use SSL<BR/>
 </DIV>
\ No newline at end of file



Mime
View raw message