httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: svn commit: r1427548 - in /httpd/httpd/trunk: CHANGES include/ap_mmn.h include/httpd.h modules/aaa/mod_authn_dbd.c modules/aaa/mod_authn_dbm.c modules/aaa/mod_authn_file.c modules/aaa/mod_authn_socache.c server/util.c
Date Wed, 02 Jan 2013 21:21:08 GMT
On Wed, Jan 2, 2013 at 4:02 PM, Stefan Fritsch <sf@sfritsch.de> wrote:
> On Wednesday 02 January 2013, Jim Jagielski wrote:
>> For *real* improvement, wouldn't storing in socache be
>> the optimal method?
>
> Yes. I fear there may be some knee-jerk reaction like "oh my god, they
> are keeping all the passwords in plain-text". But if it would be
> limited to the shmcb socache provider, and if the passwords would be
> cleared after some time of not being used, I don't see any real
> security problems. Any other opinions?
>

For authentication, can you already opt-in to effectively this with
the mod_authn_socache?

Mime
View raw message