On Tue, 2010-03-09 at 16:19 -0600, Jonathan Ellis wrote: > We should probably use http://www.mindrot.org/projects/jBCrypt/. > (Lots of background: > http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html) > > We kind of have a nagging feeling though that rolling our own auth > framework in 2010 is the wrong approach. > http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer > has been mentioned as an alternative.
My understanding is that Avro will ultimately support two different transports, HTTP, and a yet-to-be-specified socket-based protocol that will include support for SASL. Obviously that's vaporware on top of vaporware at the moment, but having authentication pushed into the transport in an extensible way seems like a pretty good answer (if/when we get there of course). Just something to think about. -- Eric Evans eev...@rackspace.com
