Return-Path: Delivered-To: apmail-httpd-modules-dev-archive@locus.apache.org Received: (qmail 86256 invoked from network); 9 Jun 2007 14:09:47 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 9 Jun 2007 14:09:47 -0000 Received: (qmail 22764 invoked by uid 500); 9 Jun 2007 14:09:48 -0000 Delivered-To: apmail-httpd-modules-dev-archive@httpd.apache.org Received: (qmail 22734 invoked by uid 500); 9 Jun 2007 14:09:48 -0000 Mailing-List: contact modules-dev-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: modules-dev@httpd.apache.org Delivered-To: mailing list modules-dev@httpd.apache.org Received: (qmail 22724 invoked by uid 99); 9 Jun 2007 14:09:48 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 09 Jun 2007 07:09:48 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of jonesf11@gmail.com designates 66.249.92.169 as permitted sender) Received: from [66.249.92.169] (HELO ug-out-1314.google.com) (66.249.92.169) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 09 Jun 2007 07:09:44 -0700 Received: by ug-out-1314.google.com with SMTP id o4so1293643uge for ; Sat, 09 Jun 2007 07:09:22 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=IajFbvRDIM1e50F4uOTiv8EBYrAJyLmHZf8YusWLczqMX8UiB3ZxHVgnOBCb/h3KWXFeR7p/SrU1VR27bxGhixrMLLwzix3EKCuAKxSotqlnbFZ1SkMhvV73o9zIJVJ4++2hoU/CqMdFAvXWhL8ti/bQ8Kf0Hwii5Yj/Xh5LOcA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=c1lYkd1iGyr4Ni46juEfIdiGt6WwkittC56KoNyb6RA6Ny9HbBiNZk+dRnQxL8Aqv0GLCWdniqLk8xlPmzZi44mQLEq9vVePwLKrYcpFcMh6JD6VP7NCJ/7Mrw+8EPt9AF6pJID1DXG6gq6JY3HAMH5IDKMUDBom9QtEh5t6m/c= Received: by 10.78.146.11 with SMTP id t11mr1586995hud.1181398162564; Sat, 09 Jun 2007 07:09:22 -0700 (PDT) Received: by 10.78.52.10 with HTTP; Sat, 9 Jun 2007 07:09:22 -0700 (PDT) Message-ID: Date: Sat, 9 Jun 2007 09:09:22 -0500 From: "Frank Jones" To: modules-dev@httpd.apache.org Subject: Re: Patch for mod_authn_dbd plaintext auth In-Reply-To: <200706090739.12004.markc@renta.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <200706090542.07140.markc@renta.net> <20070609073212.34a71807@grimnir> <200706090739.12004.markc@renta.net> X-Virus-Checked: Checked by ClamAV on apache.org On 6/9/07, Mark Constable wrote: > I personally think it's a valid option to provide and I lean > towards thinking it only applies to the DBD level. A crypted > (or better) password hash in a plain text .htaccess is a good > idea but a database is already a binary blob so both would > prevent trivial accidental viewing of passwords. This isn't directly relevant to your question, but I think it's important to point out that while sqlite databases are binary, they aren't really blobs. Try running "strings" on a sqlite database and you'll see what I mean.