[opencms-dev] Securing OpenCms workplace login

Jeremy Cavagnolo jeremy at paradoxcomponents.com
Thu Feb 10 19:47:07 CET 2005


Thanks for the suggestions.  It seems to me that I would have to modify
the OpenCms login module to add javascript MD5 encryption.   However,
upon more digging, I found the following in opencms-system.xml:

<passwordhandler    
        class="org.opencms.security.CmsDefaultPasswordHandler">
     <encoding>UTF-8</encoding>
     <digest-type>MD5</digest-type>
     <param name="compatibility.convert.digestencoding">false</param>
</passwordhandler>

Is there any documentation on the passwordhandler in
opencms-system.xml?  Does this default configuration use javascript to
encrypt the password BEFORE sending it?

Thanks,

jeremy



On Thu, 2005-02-10 at 09:42, Jorge González wrote:
> Sorry if this doesn't work for you but...
> 
> Why don't you send the password hash instead clear.
> You can use a simple javascript md5 hash and send the hash, not the password
> thru the wires.
> 
> If you need all the info secured, this will not work, of course...
> 
> 
> 
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://mail.opencms.org/mailman/listinfo/opencms-dev




More information about the opencms-dev mailing list