httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <trawi...@bellsouth.net>
Subject Re: location of md5, sha1, base64, and validate_password
Date Mon, 08 May 2000 02:10:43 GMT
> Date: Sun, 7 May 2000 18:52:15 -0700
> From: "Life is hard, and then you die" <ronald@innovation.ch>
...
> Currently we have md5 and validate_password in apr, and sha1 and
> base64 in ap. To bring validate_password up to date it needs
> access to both sha1 and base64 (this is for Netscape's algorithm).
> Apart from that, having md5 and sha1 in different parts is just
> stupid.
> 
> Also note that nothing in apr depends on md5 on validate_password.
> And now that we have the ap_xlate stuff none of the involved
> functions have any system specific code in them (unless
> ap_MD5InitEBCDIC is meant to be called by something in apr).

FYI... ap_MD5InitEBCDIC() is meant to be called by something outside
of APR (e.g., Apache).

> So, we need a resolution: either we move md5 and validate_password
> back to ap, or we move sha1 and base64 to apr.
> 
> Votes?

no strong opinion from me...

The problem is limited to the placement of the password-specific
stuff:

  ap_validate_password()
  ap_MD5Encode()+ap_MD5InitEBCDIC()

The placement of 

  ap_MD5Init()+ap_MD5SetXlate()+ap_MD5Update()+ap_MD5Final()

is not a problem, right?

If so, you might consider moving just the password-specific stuff.

-- 
Jeff Trawick | trawick@ibm.net | PGP public key at web site:
     http://www.geocities.com/SiliconValley/Park/9289/
          Born in Roswell... married an alien...

Mime
View raw message