[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-users] security/passwords

From: Ralf Utermann
Subject: [Phpgroupware-users] security/passwords
Date: Wed, 26 Mar 2003 10:41:55 +0100
User-agent: Mutt/1.4i


two questions concerning passwords in phpgw:

- it looks like phpgw keeps the passwords' md5-hash in its
  phpgw_accounts table even if I authenticate against email.
  In this case I would prefer that phpgw doesn't keep it -- is
  this configurable somewhere?

- The users' passwords during a session are kept in the
  the kp3 cookie, right? How does the encrypt/decrypt work? 
  If I never use an application like email (and thus, the 
  password is never needed) does phpgw nevertheless store it
  in the cookie? Could one add an option to set set 'secure flag'
  on this cookie?

Bye, Ralf
        Ralf Utermann
        Universität Augsburg, Institut für Physik   --   EDV-Betreuer
        D-86135 Augsburg                     Phone:  +49-821-598-3231
        SMTP: address@hidden         Fax: -3411

reply via email to

[Prev in Thread] Current Thread [Next in Thread]