On Wed, Jan 15, 2014 at 7:17 PM, Peter Wu <[email protected]> wrote: > Aside from storing passwords in plaintext, I see no other obvious issues.
I'm not too keen on this either. Care to submit a patch against jd/authentication that does a crypt() / mkpasswd salted hash situation? Does luacrypto support this? Investigate it? > The current login page is cachable, you should add "Cache-Control: private" to > prevent that. Excellent idea. _______________________________________________ CGit mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/cgit
