[aida] Security and passwords
janko.mivsek at eranova.si
Thu Feb 7 13:23:28 CET 2008
Nicolas Petton wrote:
> I think we should improve security by storing a hashed passwords instead
> of passwords directly, same thing for requests.
Strongly agree. For storing passwords while for requests it is not so easy.
> For Squeak port we can use SecureHashAlgorithm, and Security.SHA for VW.
> I know, it's dialect specific, but I didn't find another way...
I would rather use simpler MD5 hash, it is easier to implement and
therefore more portable. And Sport can maybe be extended once with MD5,
because Bruce Badger uses MD5 in his PostgreSQL driver.
I know I know, MD5 is supposed to be broken already, but common, guys,
Smalltalk Web Application Server
More information about the Aida