General discussion on installation and configuration of SOGo

Text archives Help

Re: [SOGo] Secured session cookies

Chronological Thread 
  • From: Jan-Frode Myklebust < >
  • To:
  • Subject: Re: [SOGo] Secured session cookies
  • Date: Tue, 28 Dec 2010 22:19:24 +0100

On Tue, Dec 28, 2010 at 03:46:14PM -0500, Ludovic Marcotte wrote:
> On 10-12-28 3:42 PM, Jan-Frode Myklebust wrote:
> >Couldn't this also be the same string as is stored server side for the
> >secured session cookie, and xor'ed when checking validity ?

> Yes but that wouldn't work with other authenticators - like the
> proxy one (for WebAuth or Apache authentication) or the DAV one (for
> all DAV clients, like Thunderbird, Apple iCal / iPhone, etc.).

So maybe save a salted hash of the password in memcached for this
comparison instead ?


Archive powered by MHonArc 2.6.16.

Top of page