directory-dev mailing list archives

From Emmanuel Lecharny <elecha...@gmail.com>
Subject [Authenticator] Question regarding encrypted passwords
Date Sat, 10 Mar 2007 17:23:34 GMT
Hi guys,

I have a doubt; maybe you have a clear vision about this point:

Is it the server's responsibility to compare the user's password against 
an encrypted form, or should the client encrypt the password before 
sending it to the server?

I mean, we can have one of these two possibilities:
1) [client] --(clear password)--> <network> --> [server] --> encrypts the 
password and compares it to the stored encrypted password
or
2) [client] --(encrypted password)--> <network> --> [server] --> compares the 
encrypted password to the stored encrypted password

?

Emmanuel

PS: we currently have solution 1 implemented. Is it correct?
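
The two flows in the message above, side by side, as an added example that is not part of the original message or of the project's code. It assumes a salted SHA-1 `{SSHA}` stored form (the message names no scheme); the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

SCHEME = "{SSHA}"  # assumed storage scheme; the message does not name one

def make_ssha(password: bytes, salt: bytes) -> str:
    """Stored form: SCHEME + base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")

def verify_flow1(clear_password: bytes, stored: str) -> bool:
    """Flow 1: the server gets the clear password and re-hashes it with the stored salt."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:
        return False
    if len(raw) <= 20:          # a SHA-1 digest is 20 bytes; the rest is the salt
        return False
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(clear_password + salt).digest()
    return hmac.compare_digest(candidate, digest)

def verify_flow2(client_value: str, stored: str) -> bool:
    """Flow 2: the client sends the already-hashed value; the server only compares."""
    return hmac.compare_digest(client_value.encode(), stored.encode())

def compare_flows() -> dict:
    salt = bytes(range(8))                    # constructed, fixed for repeatability
    stored = make_ssha(b"secret", salt)       # constructed sample entry
    return {
        "flow1_right_password": verify_flow1(b"secret", stored),
        "flow1_wrong_password": verify_flow1(b"Secret", stored),
        # Presenting the stored string itself is rejected in flow 1 ...
        "flow1_stored_value": verify_flow1(stored.encode(), stored),
        # ... but accepted in flow 2, where the hash itself is the credential.
        "flow2_stored_value": verify_flow2(stored, stored),
    }

if __name__ == "__main__":
    for name, result in compare_flows().items():
        print(f"{name}: {result}")
```

In flow 2 the stored value is equivalent to the password, so hashing at rest no longer protects the accounts if the directory data leaks; flow 1 keeps that protection but sends the clear password, so it relies on the connection being protected.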
