On 05/01/2013 11:52, Igor Galić wrote:
>
>
> ----- Original Message -----
>> On Wednesday 02 January 2013, Eric Covener wrote:
>>> On Wed, Jan 2, 2013 at 4:02 PM, Stefan Fritsch <sf@sfritsch.de>
>> wrote:
>>>> On Wednesday 02 January 2013, Jim Jagielski wrote:
>>>>> For *real* improvement, wouldn't storing in socache be
>>>>> the optimal method?
>>>>
>>>> Yes. I fear there may be some knee-jerk reaction like "oh my god,
>>>> they are keeping all the passwords in plain-text". But if it
>>>> would be limited to the shmcb socache provider, and if the
>>>> passwords would be cleared after some time of not being used, I
>>>> don't see any real security problems. Any other opinions?
>>>
>>> For authentication, can you already opt-in to effectively this with
>>> the mod_authn_socache?
>>
>> No, mod_authn_socache only caches the lookup of the password hash. It
>> avoids having to open the password file/dbm/whatever but it still
>> calls apr_password_validate() every time. Maybe it should be extended
>> to also cache the real password and the result of
>> apr_password_validate()?
>>
>
> Stupid question time:
> Why can't we store the password *hash* in the socache instead of
> the plain-text password?
>
> i
>
Igor, that is exactly what Stefan is says already happens with
mod_authn_socache, unless I grossly misread...
I'd be +1 allowing for a directive to hash the plaintext in socache, if
it wasn't the default. I'd probably be +0 to it being the default, but
only because I don't see myself as having tuits to look closely enough
at shmcb cache to really understand the security implications for
myself; but if the sysadmin is already opt-ing in for any sort of
authentication caching, then (s)he already is aware of a hypothetical
chance for a security compromise on the system to some degree or another.
Issac
|