directory-dev mailing list archives

From Ole Ersoy <ole.er...@gmail.com>
Subject Re: [Authenticator] Question regarding encrypted passwords
Date Mon, 12 Mar 2007 16:49:30 GMT
Cool.

Yeah - For roadmap stuff I was thinking different UI. 
The vote can still be stored in JIRA.

Anyways that's a little ways down the road :-)


Emmanuel Lecharny wrote:
> Yeah, 1 is the way to go. Forget about 2, it creates a security breach.
>
> For roadmap, we use Jira, and you can vote for using it. The wheel 
> already exists ;)
>
> On 3/10/07, Ole Ersoy <ole.ersoy@gmail.com> wrote:
>
>     Short answer:
>
>     I think 1
>
>     Longer answer/example:
>
>     Tomcat Authentication
>
>     User requests password page and provides credentials.
>
>     Browser encrypts post and sends it.
>
>     Tomcat ssl decrypts.
>
>     Authentication is then performed on the
>     authentication store (ADS possibly).
>
>     So I think the network usually takes care of securing itself, when
>     needed.
>
>     I would probably leave 2 as "possible feature" and post it on our
>     roadmap so that users can vote on it.
>
>     I'll try to create a "Dell IdeaStorm" page for our road map later
>     so that features can be voted for.
>
>     Cheers,
>     - Ole
>
>
>
>
>
>
>     Emmanuel Lecharny wrote:
>     > Hi guys,
>     >
>     > I have a doubt, maybe you have a clear vision about this point :
>     >
>     > is it the server responsibility to compare the user's password
>     > against an encrypted form or should the client encrypt the password
>     > before sending it to the server ?
>     >
>     > I mean, we can have one of those two possibilities :
>     > 1) [client] --(clear password)--> <network> --> [server] --> encrypt
>     > the password and compares it to the stored encrypted password
>     > or
>     > 2) [client] --(encrypt password)--> <network> [server] --> compares
>     > the encrypted password and compares it to the stored encrypted password
>     >
>     > ?
>     >
>     > Emmanuel
>     >
>     > PS : we have solution 1 currently implemented. Is it correct ?
>     >
>
>
>
>
> -- 
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com <http://www.iktek.com>
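
The two options from the thread, side by side, as an added example that is not part of the original messages or of Apache Directory Server's code. It shows that under option 2 the stored value itself is accepted as the credential, while under option 1 it is not. PBKDF2 as the one-way transform, the function names and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption: PBKDF2 stands in for the thread's "encrypted" form


def derive(password: bytes, salt: bytes) -> bytes:
    """One-way transform applied to a password before it is stored."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)


def make_record(password: str) -> dict:
    """What the server keeps in its authentication store."""
    salt = os.urandom(16)
    return {"salt": salt, "stored": derive(password.encode(), salt)}


def verify_option1(record: dict, received: bytes) -> bool:
    """Option 1: the server receives the clear password and derives it itself."""
    return hmac.compare_digest(derive(received, record["salt"]), record["stored"])


def verify_option2(record: dict, received: bytes) -> bool:
    """Option 2: the client derives; the server only compares with the stored value."""
    return hmac.compare_digest(received, record["stored"])


def demo() -> dict:
    """Run both checks with the real password and with a copy of the store entry."""
    record = make_record("s3cret-Passw0rd")  # constructed sample credential
    leaked = record["stored"]                # copy of the store entry, password unknown
    client_value = derive(b"s3cret-Passw0rd", record["salt"])
    return {
        "opt1_correct_password": verify_option1(record, b"s3cret-Passw0rd"),
        "opt1_stored_value_replayed": verify_option1(record, leaked),
        "opt2_client_derived": verify_option2(record, client_value),
        "opt2_stored_value_replayed": verify_option2(record, leaked),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

With option 1 the clear password still needs transport protection on the wire, which is the SSL step in the Tomcat flow described in the thread.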

