General discussion on installation and configuration of SOGo

Text archives Help


Re: [SOGo] Secured session cookies


Chronological Thread 
  • From: Jan-Frode Myklebust < >
  • To:
  • Subject: Re: [SOGo] Secured session cookies
  • Date: Wed, 29 Dec 2010 19:46:00 +0100

On Wed, Dec 29, 2010 at 09:04:28AM -0500, Ludovic Marcotte wrote:
> On 10-12-28 7:55 PM, Ludovic Marcotte wrote:
>
> [snip]
> >For 3 and 4, we could as you suggested store a SHA (or whatever)
> >version of the cleartext password in memcached that we would have
> >got during the very first call and then, upon subsequent calls,
> >compute again the deduced value and compare those hashes instead
> >of going to the LDAP server (or SQL server if using SQL-based
> >authentication).
>
> Done.

And since 1&2 didn't have any plaintext passwords in SOGo, all plaintext
storage of passwords are now gone ? Wow, great! Thank you!


-jf



Archive powered by MHonArc 2.6.16.

Top of page