webappsec@securityfocus.com
[Top] [All Lists]

Re: At what layer to hash a password

Subject: Re: At what layer to hash a password
From: Chris Travers
Date: Mon, 28 Jun 2010 21:46:04 -0700
On Mon, Jun 28, 2010 at 1:37 PM, Niels Teusink <teusink@xxxxxxxxxx> wrote:

> No perfect solution I guess :) (especially if you have the multiple 
> interfaces thing to take into account)

The perfect solution would be to use mod_auth_krb5 with Apache and
pass the ticket off to the application, database, etc.  Only works
well on intranets though.....

Best Wishes,
Chris Travers



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

<Prev in Thread] Current Thread [Next in Thread>