[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [wss] Current user-name password construction requires plain textpassw ord at server
I had pointed this problem out in: http://lists.oasis-open.org/archives/wss/200212/msg00063.html The issue is not finding some nifty new password algorithm but that standard LDAP/AD deployments typically store only hashed passwords. Adding a new "WS password deployment" model to security systems is a bad idea and will simply lead to plain text passwords being stored in ad-hoc repositories. We should instead revise the password hashing methods so that plain text passwords are not required. - prateek
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC