[opencms-dev] Securing OpenCms workplace login
Jeremy Cavagnolo
jeremy at paradoxcomponents.com
Thu Feb 10 19:47:07 CET 2005
Thanks for the suggestions. It seems to me that I would have to modify
the OpenCms login module to add javascript MD5 encryption. However,
upon more digging, I found the following in opencms-system.xml:
<passwordhandler
class="org.opencms.security.CmsDefaultPasswordHandler">
<encoding>UTF-8</encoding>
<digest-type>MD5</digest-type>
<param name="compatibility.convert.digestencoding">false</param>
</passwordhandler>
Is there any documentation on the passwordhandler in
opencms-system.xml? Does this default configuration use javascript to
encrypt the password BEFORE sending it?
Thanks,
jeremy
On Thu, 2005-02-10 at 09:42, Jorge González wrote:
> Sorry if this doesn't work for you but...
>
> Why don't you send the password hash instead clear.
> You can use a simple javascript md5 hash and send the hash, not the password
> thru the wires.
>
> If you need all the info secured, this will not work, of course...
>
>
>
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://mail.opencms.org/mailman/listinfo/opencms-dev
More information about the opencms-dev
mailing list