Re: Issue 64 in domuslink: Keep me logging no more working


Philippe Carlier

Jun 15, 2011, 4:37:11 PM
to domuslink-developers
Hi Brad,

MD5 is not secure if you want to store a password in a cookie.

I think mcrypt is easy to install (sudo apt-get install php5-mcrypt).
Perhaps we should ask domus users?

Philippe

On 15/06/2011 04:05, domu...@googlecode.com wrote:
>
> Comment #7 on issue 64 by bwsamuels: Keep me logging no more working
> http://code.google.com/p/domuslink/issues/detail?id=64
>
> I tested against a version on my system without the mcrypt but using
> all your changes and it works great!
>
> We'll have to decide if we want to double encrypt the password.
>
> Brad
>

Philippe Carlier

Jun 15, 2011, 4:39:30 PM
to domuslink-developers
I've made a fix to the decrypt method.

On 15/06/2011 22:37, Philippe Carlier wrote:

Brad

Jun 15, 2011, 6:11:31 PM
to domuslink-...@googlegroups.com
The encrypt key needs to be randomly generated per system if we want it secure. Currently, someone could read our code and decrypt it using the key in the method.
I don't disagree with having it more secure, but we don't enforce SSL on the web server either, so the password is being sent in clear text anyway. Also the password file is only obfuscated with md5sum.
So I'm just trying to make it easier for our users for the time being.

Philippe Carlier

Jun 16, 2011, 5:43:34 PM
to domuslink-...@googlegroups.com
OK, we will add this feature in a future version (private key stored in
config.php)...

Can you commit your changes?

On 16/06/2011 00:11, Brad wrote:

Brad

Jun 22, 2011, 10:38:36 PM
to domuslink-...@googlegroups.com
Will do so soon.

Brad

Philippe Carlier

Sep 19, 2011, 5:21:04 PM
to domuslink-...@googlegroups.com
Hi Brad!
How have you been since last time?

We should go ahead on the fix. This issue is really annoying.

Did you make a fix without mcrypt?

Philippe


On 23/06/2011 04:38, Brad wrote:


> Will do so soon.
>
> Brad

Brad

Sep 19, 2011, 9:45:42 PM
to domuslink-...@googlegroups.com
I'm good Philippe. Hope you are well also.

I have a branch with some changes, just been too busy with summer. Another 2 or 3 weeks and I will be back into development. I always wait for the colder weather.

Brad

Brad

Nov 13, 2011, 3:25:56 PM
to domuslink-...@googlegroups.com
Alright, finally getting around to updating and fixing. I just uploaded changes to the fixesfor2.0 branch with changed login remember without the encrypt/decrypt. Take a look and let me know if there are any issues.

Brad
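
Added example, not part of the thread and not domus.Link's code: one way to build a "keep me logged in" cookie that carries no password and is signed with a secret generated randomly per installation, the two points raised in the discussion above. The function names, the token layout and the 14-day lifetime are assumptions for illustration; the change actually committed to the fixesfor2.0 branch is not shown on this page.

```php
<?php
// Added example; all names here are hypothetical, not domus.Link's API.

// Per-installation secret: generated once at install time and stored outside
// the source tree (for instance in config.php), never hard-coded in a method.
function generate_install_secret(): string
{
    return bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
}

// Cookie value is "user|expiry|mac". It holds no password, hashed or not.
function make_remember_token(string $user, int $expires, string $secret): string
{
    // rawurlencode() guarantees the user part cannot contain the '|' delimiter.
    $payload = rawurlencode($user) . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, $secret);
}

// Returns the user name if the token is authentic and unexpired, else null.
function check_remember_token(string $token, string $secret, int $now): ?string
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;                       // malformed cookie
    }
    [$user, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expires, $secret);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;                       // forged, tampered or wrong key
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;                       // expired
    }
    return rawurldecode($user);
}

// Constructed sample run covering the accept case and three reject cases.
$secret = generate_install_secret();
$now    = time();
$token  = make_remember_token('admin', $now + 14 * 86400, $secret);

var_dump(check_remember_token($token, $secret, $now));                    // genuine token
var_dump(check_remember_token($token, generate_install_secret(), $now));  // other install's key
var_dump(check_remember_token(str_replace('admin', 'root', $token), $secret, $now)); // edited user
var_dump(check_remember_token($token, $secret, $now + 15 * 86400));       // past expiry
```

A token of this kind cannot be revoked individually without server-side state; replacing the installation secret invalidates every outstanding cookie at once.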