phpgroupware-developers

Re: [Phpgroupware-developers] Re: [ phpgroupware-Bugs-445721 ] email pa


From: Tony (Angles) Puglisi
Subject: Re: [Phpgroupware-developers] Re: [ phpgroupware-Bugs-445721 ] email password not saved.
Date: Mon, 17 Dec 2001 20:01:06 +0000

Del,
Again, hack at it and send me the file(s) (as attachments to an email). My
brain is too simple for these modern things, but I do know that I can commit
a file :)

ahh.. as far as email goes, we only need to do crypto on a string, and a short
string at that, the password. Therefore to program for encrypting objects is
overkill for us but, hey, while we are at it why not do that...

As for database "de-fanging" (eliminating database unfriendly chars and char
sequences), I believe this should be handled at the SO level. As an example,
the preferences class that handles the storage and retrieval of email prefs
from the preferences table has code in there to handle adding slashes, and
serialization.
(I don't know how other apps handle their prefs)

In that case, the serialization is because that is how the email preferences
data is stored, as an array object that has been serialized for storage.
Therefore, if we serialize at the encryption level, that serialization which
we just did for "database storage" issues is unneeded because the preferences
class will serialize the whole email preferences array when it gets written to
the DB.

Same for slashing (add/remove slashes for database storage purposes), this will
happen again in, or at least is designed to be handled in, the preferences
class.

I must stress, though, that the email prefs are somewhat different from other
apps' prefs because other apps (I think) have their own table schema; the email
app uses the (very cool) preferences class ability to store dynamically sized /
schema'd data as a serialized array in one record.

Del (address@hidden) wrote*:
>
>Del wrote:
>
>> -  Lines 48, 59, and all places where mcrypt_cbc is used:  Replace CBC/cbc
>>    with ECB/ecb.  ECB is really only suitable for encrypting multiple blocks
>>    (where 1 block = 8 bytes) of data at a time.
>
>Sorry, that should have read "_CBC_ is really only suitable for encrypting
>multiple blocks...".  We're encrypting passwords and other short strings here,
>so ECB is better.
>
--
that's "angle" as in geometry




