[aida] Security and passwords

Janko Mivšek janko.mivsek at eranova.si
Thu Feb 7 13:23:28 CET 2008


Nicolas Petton wrote:

> I think we should improve security by storing hashed passwords instead
> of passwords directly, same thing for requests.

Strongly agree for storing passwords, while for requests it is not so easy.

> For Squeak port we can use SecureHashAlgorithm, and Security.SHA for VW.
> I know, it's dialect specific, but I didn't find another way...

I would rather use the simpler MD5 hash, it is easier to implement and 
therefore more portable. And Sport can maybe be extended once with MD5, 
because Bruce Badger uses MD5 in his PostgreSQL driver.

I know, I know, MD5 is supposed to be broken already, but come on, guys, 
be reasonable...

Best regards
Janko


-- 
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si

