Re: 2.1.2 upgrade from older version

On Fri, 1 Sep 2000, Brax wrote:

> I've been testing 2.1.2, trying to use a 2.0.5 installation and 
> installing only new class files in the classes directory 
> and new indexers in the jigsaw\config\indexers directory.
> 
> It didn't want to convert my configuration files 'stores' and 'auth'.
> So the server wasn't working.
> Otherwise, installation worked fine with the complete new release.
> I'm pretty sure that I had the same trouble with the earlier 2.1.1 version and that it had been corrected.
> 
> This leads me to ask you two more questions:
> - in versions 2.1.1 and 2.1.2, the XML files storing user descriptions
> store the password in clear format. Couldn't you store it as an MD5 hash
> so it could be encrypted?

Hum, if you want to switch to Digest authentication you have to keep the
password in clear on both sides (unless you start the server using a key
used to decipher a store).
So if you want the password encrypted (like unix passwords), you just have to
modify the auth filters to match against the encrypted password.
Anyway, if you store the password and can retrieve the value easily
without entering a key, it has the same security level as plain text.

> - is there a way to store users' definitions in a database, instead
> of your XML files, or at least a way to replicate that information
> (so I should not have to create users twice)?

Of course, it depends on the way your Authentication filter is working. It
should be easy to make an AclFrame that can gather this information from a
db (see org.w3c.jigsaw.acl package).
I may have a skeleton somewhere.

      /\          - Yves Lafon - World Wide Web Consortium - 
  /\ /  \        Architecture Domain - Jigsaw Activity Leader
 /  \    \/\    
/    \   /  \   http://www.w3.org/People/Lafon - ylafon@w3.org    

Received on Tuesday, 12 September 2000 08:41:18 UTC
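
An added example, not part of the original message or of the Jigsaw code base: it shows why a one-way password hash (Unix-crypt style, here PBKDF2) is enough to check Basic authentication but cannot verify an RFC 2617 Digest response, which needs the password or the value HA1 = MD5(user:realm:password). Anyone who can read a stored HA1 can compute valid responses for that realm, so it has to be protected like the password itself. The user, realm, password and URI are constructed values.

```python
import hashlib
import hmac
import os

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def ha1(user, realm, password):
    # RFC 2617: HA1 = MD5(username:realm:password)
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce):
    # RFC 2617 without qop: response = MD5(HA1:nonce:MD5(method:uri))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

def one_way_record(password, salt=None):
    # Salted one-way hash, the modern analogue of a Unix crypt entry.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_basic(record, submitted_password):
    # Basic auth: the password arrives with the request, so re-hash and compare.
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", submitted_password.encode(), salt, 100_000)
    return hmac.compare_digest(stored, candidate)

def check_digest(stored_ha1, method, uri, nonce, client_response):
    # Digest auth: only a response arrives; the server recomputes it from HA1.
    expected = digest_response(stored_ha1, method, uri, nonce)
    return hmac.compare_digest(expected, client_response)

def demo():
    user, realm, password = "alice", "jigsaw-example", "s3cret"  # constructed
    method, uri, nonce = "GET", "/admin/", os.urandom(8).hex()
    # What a client that knows the password would send.
    client_response = digest_response(ha1(user, realm, password), method, uri, nonce)
    record = one_way_record(password)
    return {
        "basic_with_one_way_hash": check_basic(record, password),
        "basic_wrong_password": check_basic(record, "guess"),
        # The one-way record is not HA1, and HA1 cannot be derived from it.
        "digest_with_one_way_hash": check_digest(record[1].hex(), method, uri, nonce, client_response),
        "digest_with_stored_ha1": check_digest(ha1(user, realm, password), method, uri, nonce, client_response),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```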