[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Wed, 26 Mar 2003 10:41:55 +0100
two questions concerning passwords in phpgw:
- it looks like phpgw keeps the passwords' md5-hash in its
phpgw_accounts table even if I authenticate against email.
In this case I would prefer that phpgw doesn't keep it -- is
this configurable somewhere?
- The users' passwords during a session are kept in the
the kp3 cookie, right? How does the encrypt/decrypt work?
If I never use an application like email (and thus, the
password is never needed) does phpgw nevertheless store it
in the cookie? Could one add an option to set set 'secure flag'
on this cookie?
Universität Augsburg, Institut für Physik -- EDV-Betreuer
D-86135 Augsburg Phone: +49-821-598-3231
SMTP: address@hidden Fax: -3411
- [Phpgroupware-users] security/passwords,
Ralf Utermann <=