WebApp Sec mailing list archives

Re: At what layer to hash a password

From: Chris Travers <chris () metatrontech com>
Date: Mon, 28 Jun 2010 21:46:04 -0700

On Mon, Jun 28, 2010 at 1:37 PM, Niels Teusink <teusink () fox-it com> wrote:

No perfect solution I guess :) (especially if you have the multiple interfaces thing to take into account)


The perfect solution would be to use mod_auth_krb5 with Apache and
pass the ticket off to the application, database, etc.  Only works
well on intranets though.....

Best Wishes,
Chris Travers



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

Current thread:

Re: At what layer to hash a password, (continued)
- Re: At what layer to hash a password Chris Travers (Jun 28)
- Re: At what layer to hash a password Javier Bassi (Jun 28)
  - Re: At what layer to hash a password Chris Travers (Jun 29)
- RE: At what layer to hash a password Dave Wichers (Jun 28)
  - Re: At what layer to hash a password Robin Wood (Jun 28)
- Re: At what layer to hash a password Tom Ritter (Jun 28)
  - Re: At what layer to hash a password Grega Bremec (Jun 28)
    - Re: At what layer to hash a password Robin Wood (Jun 28)
  - Re:Re: At what layer to hash a password 薛 (Jun 29)
- RE: At what layer to hash a password Niels Teusink (Jun 28)
  - Re: At what layer to hash a password Chris Travers (Jun 29)