General discussion on installation and configuration of SOGo

Text archives Help


Re: [SOGo] Secured session cookies


Chronological Thread 
  • From: Jan-Frode Myklebust < >
  • To:
  • Subject: Re: [SOGo] Secured session cookies
  • Date: Tue, 28 Dec 2010 21:42:43 +0100

On Tue, Dec 28, 2010 at 02:37:15PM -0500, Ludovic Marcotte wrote:
>
> The password is still stored unencrypted in memcached for
> SOGoCacheCleanupInterval seconds. This is avoid doing a bind on the
> LDAP server for _each_ request coming in, in order to check the
> validity of the password.

Couldn't this also be the same string as is stored server side for the
secured session cookie, and xor'ed when checking validity ?


-jf



Archive powered by MHonArc 2.6.16.

Top of page