General discussion on installation and configuration of SOGo

Text archives Help


Re: [SOGo] Secured session cookies


Chronological Thread 
  • From: Ludovic Marcotte < >
  • To:
  • Subject: Re: [SOGo] Secured session cookies
  • Date: Tue, 28 Dec 2010 18:41:37 -0500
  • Organization: Inverse inc.

On 10-12-28 4:19 PM, Jan-Frode Myklebust wrote:
So maybe save a salted hash of the password in memcached for this
comparison instead ?
That password needs to be known by SOGo - because it needs to push its cleartext version to the IMAP server.

The password could be hashed using a string shared across all SOGo cluster members - that would buy a false sense of security for a little while.

--
Ludovic Marcotte

:: +1.514.755.3630 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)




Archive powered by MHonArc 2.6.16.

Top of page