Re: [SLUG] Passwords on the web

From: Christopher Hotchkiss (christopher.hotchkiss@gmail.com)
Date: Fri Sep 24 2004 - 13:26:49 EDT


Or you could use a hashing crypt function like /etc/shadow and just
stick the hash/user name in the database. Then use php sessions to
keep track of who is logged in.

Question though: why would you pay money to use SSL? I thought OpenSSL
was free/libre.

On Fri, 24 Sep 2004 07:49:18 -0400, Bryan J. Smith <b.j.smith@ieee.org> wrote:
> On Thu, 2004-09-23 at 23:41, Paul M Foster wrote:
> > I've got to provide a low-security password scheme for a customer
> > website. The customer has an xBase database on the site which will
> > contain usernames and passwords. We aren't going to bother with SSL
>
> Considering it is fairly transparent, I'm curious why not?
> Performance?
>
> > or try to avoid having passwords in the clear. The users will be in the
> > hundreds and will change from week to week. The access being managed
> > isn't important enough to have a bulletproof system. We're only
> > restricting access to certain webpages.
> > Most of the ways I've seen to manage this are too cumbersome. For
> > example, using .htaccess and .htpasswd files under HTTP would be nearly
> > impossible, given the above parameters (for example, hundreds of
> > constantly changing users).
> > Has anyone seen a good solution, limited to CGI, Python or PHP?
>
> I don't see why you can't use the .htaccess files with at least digest
> authentication. You can manage the .htaccess file externally.
>
> Or you could also tap an external method for authentication directly.
> There are countless packages or vendor solutions to do this.
>
> --
> Bryan J. Smith b.j.smith@ieee.org
> ------------------------------------------------------------------
> "Communities don't have rights. Only individuals in the community
> have rights. ... That idea of community rights is firmly rooted
> in the 'Communist Manifesto.'" -- Michael Badnarik
>
> -----------------------------------------------------------------------
> This list is provided as an unmoderated internet service by Networked
> Knowledge Systems (NKS). Views and opinions expressed in messages
> posted are those of the author and do not necessarily reflect the
> official policy or position of NKS or any of its employees.
>

-- 
Christopher Hotchkiss
(813)960-9273
http://www.post227.org
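
A sketch of the approach suggested in this message, as an added example that is not part of the original post: a salted, shadow-style hash stored per user plus a server-side session token, in Python (one of the languages the original question allows). PBKDF2-SHA256, the iteration count, the record format and the `users`/`sessions` dictionaries are assumptions standing in for the crypt function, the database table and PHP sessions.

```python
import base64
import hashlib
import hmac
import os
import secrets

ITERATIONS = 600_000  # assumed work factor; tune for the server


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a shadow-style record: $scheme$iterations$salt$digest."""
    salt = salt if salt is not None else os.urandom(16)  # unique per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$pbkdf2-sha256$%d$%s$%s" % (iterations, _b64(salt), _b64(digest))


def verify_password(record, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        _, scheme, iterations, salt, _ = record.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        expected = hash_password(password, base64.b64decode(salt), int(iterations))
    except ValueError:  # malformed record: wrong field count, bad base64 or number
        return False
    return hmac.compare_digest(expected.encode(), record.encode())


# Hash checked for unknown usernames so both failure paths cost the same.
_DUMMY = hash_password(secrets.token_hex(16))


def login(users, sessions, username, password):
    """users maps username -> stored record (stand-in for the database table).
    Returns a fresh random session token, or None if the login fails."""
    record = users.get(username)
    ok = verify_password(record or _DUMMY, password)
    if record is None or not ok:
        return None
    token = secrets.token_urlsafe(32)
    sessions[token] = username  # session state stays on the server
    return token


def current_user(sessions, token):
    """Map a presented session token back to a username, or None."""
    return sessions.get(token)
```

Hashing protects only the stored table; without SSL the password and the session token still cross the network in the clear.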



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:00:53 EDT