[opencms-dev] Securing OpenCms workplace login

Alexander Kandzior alex at opencms.org
Fri Feb 11 09:37:54 CET 2005


The best documentation is the JavaDoc in the class and the interface itself.

And of course the source code, which is just some 100 LOC.

The idea behind the password handler is that e.g. at an installation you may
well want to have a special password policy, e.g. passwords being at least 8
chars long, being comprised of certain characters etc. To achieve this
effect, you can implement a password handler that does that special password
checking. Also the password handler is used to verify the correctness of any
given password when authenticating a user, as well as doing the
serialization of passwords for the user XML export.

Best Regards,
Alex.

Alexander Kandzior
Alkacon Software - The OpenCms Experts
http://www.alkacon.com

 

> -----Original Message-----
> From: opencms-dev-bounces at opencms.org 
> [mailto:opencms-dev-bounces at opencms.org] On Behalf Of Jeremy Cavagnolo
> Sent: Thursday, February 10, 2005 8:33 PM
> To: The OpenCms mailing list
> Subject: Re: [opencms-dev] Securing OpenCms workplace login
> 
> Thanks for the suggestion, Sebastian.   I will try this later today. 
> Anyone out there have some comments/documentation about the 
> passwordhandler in opencms-system.xml?
> 
> -jeremy
> 
> 
> On Thu, 2005-02-10 at 11:18, Sebastian Himberger wrote:
> > Hi Jeremy
> > 
> > you're right, multiple hosts for one ip are not possible because the
> > handshake is happening before the virtual host is resolved. although it
> > is possible to build a https proxy with mod_proxy and mod_rewrite. I
> > don't know if this helps in your particular case but i've attached an
> > example how i achieved ssl for multiple virtual hosts.
> > 
> > # SSL Proxy
> > <VirtualHost *:443>
> >    DocumentRoot "/"
> >    ServerName ssl.server.de
> >    SSLCertificateFile conf/ssl/server.cert
> >    SSLCertificateKeyFile conf/ssl/server.key
> >    SSLEngine on
> >    RewriteEngine on
> >    RewriteCond (%{HTTP_HOST}) host\.de
> >    RewriteRule ^(.*) http://www.host.de$1 [P]
> >    RewriteCond (%{HTTP_HOST}) host2\.de
> >    RewriteRule ^(.*) http://www.host2.de$1 [P]
> > </VirtualHost>
> > 
> > I don't know if this works with cookies but perhaps it may help you a
> > little bit.
> > 
> > Good luck
> > Sebastian
> > 
> > Jeremy Cavagnolo wrote:
> > > Thanks for the suggestions.  It seems to me that I would have to modify
> > > the OpenCms login module to add javascript MD5 encryption.   However,
> > > upon more digging, I found the following in opencms-system.xml:
> > > 
> > > <passwordhandler    
> > >         class="org.opencms.security.CmsDefaultPasswordHandler">
> > >      <encoding>UTF-8</encoding>
> > >      <digest-type>MD5</digest-type>
> > >      <param name="compatibility.convert.digestencoding">false</param>
> > > </passwordhandler>
> > > 
> > > Is there any documentation on the passwordhandler in
> > > opencms-system.xml?  Does this default configuration use javascript
> > > to encrypt the password BEFORE sending it?
> > > 
> > > Thanks,
> > > 
> > > jeremy
> > > 
> > > 
> > > 
> > > On Thu, 2005-02-10 at 09:42, Jorge González wrote:
> > > 
> > >>Sorry if this doesn't work for you but...
> > >>
> > > >>Why don't you send the password hash instead of clear.
> > > >>You can use a simple javascript md5 hash and send the hash, not the
> > > >>password thru the wires.
> > >>
> > >>If you need all the info secured, this will not work, of course...
> > >>
> > >>
> > >>
> > >>_______________________________________________
> > > >>This mail is send to you from the opencms-dev mailing list
> > > >>To change your list options, or to unsubscribe from the list, please visit
> > > >>http://mail.opencms.org/mailman/listinfo/opencms-dev
> > > 
> > > 
> > > 
> > > 
> > > _______________________________________________
> > > This mail is send to you from the opencms-dev mailing 
> list To change 
> > > your list options, or to unsubscribe from the list, please visit 
> > > http://mail.opencms.org/mailman/listinfo/opencms-dev
> > > 
> > 
> 
> 
> 
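
Added example (not part of the original message and not OpenCms code): a stand-alone Java sketch of the three jobs the message gives the password handler: policy check, verification at authentication, and producing the stored form. The class name, the letter-plus-digit rule and the hex output are assumptions; "MD5" and "UTF-8" are the values from the opencms-system.xml fragment quoted in the thread.

```java
import java.nio.charset.Charset;
import java.security.MessageDigest;

// Stand-alone illustration: hypothetical class, NOT the OpenCms handler interface.
public class PolicyPasswordCheck {
    private final String digestType; // mirrors <digest-type> in the quoted config
    private final Charset encoding;  // mirrors <encoding> in the quoted config
    public PolicyPasswordCheck(String digestType, String encoding) {
        this.digestType = digestType;
        this.encoding = Charset.forName(encoding);
    }

    // Role 1: site policy. Assumed rules: at least 8 chars, one letter and one digit.
    public void validate(String password) {
        if (password == null || password.length() < 8) {
            throw new IllegalArgumentException("password must be at least 8 characters");
        }
        boolean letter = false, digit = false;
        for (char c : password.toCharArray()) {
            letter |= Character.isLetter(c);
            digit |= Character.isDigit(c);
        }
        if (!letter || !digit) {
            throw new IllegalArgumentException("password needs a letter and a digit");
        }
    }

    // Role 3: the stored/exported form. Hex output is an assumption of this sketch.
    public String digest(String password) throws Exception {
        byte[] raw = MessageDigest.getInstance(digestType).digest(password.getBytes(encoding));
        StringBuilder hex = new StringBuilder();
        for (byte b : raw) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Role 2: authentication. Digest the submitted password, compare in constant time.
    public boolean matches(String submitted, String stored) throws Exception {
        return MessageDigest.isEqual(digest(submitted).getBytes(encoding), stored.getBytes(encoding));
    }

    public static void main(String[] args) throws Exception {
        PolicyPasswordCheck handler = new PolicyPasswordCheck("MD5", "UTF-8");
        String password = "correct9horse"; // constructed sample value
        handler.validate(password);        // passes the assumed policy
        String stored = handler.digest(password);
        System.out.println("match: " + handler.matches(password, stored));
        System.out.println("mismatch: " + handler.matches("wrong9horse", stored));
    }
}
```

The digest type is a constructor argument, so any algorithm name that MessageDigest accepts (for example SHA-256) can be substituted. A fast unsalted digest such as MD5 gives little resistance to offline guessing if the stored values leak.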



