Cool.
Yeah - For roadmap stuff I was thinking different UI.
The vote can still be stored in JIRA.
Anyways that's a little ways down the road :-)
Emmanuel Lecharny wrote:
Yeah, 1 is the way to go. Forget about 2, it creates a security breach.
For roadmap, we use Jira, and you can vote for using it. The wheel
already exists ;)
On 3/10/07, * Ole Ersoy* <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Short answer:
I think 1
Longer answer/example:
Tomcat Authentication
User requests password page and provides credentials.
Browser encrypts post and sends it.
Tomcat ssl decrypts.
Authentication is then performed on the
authentication store (ADS possibly).
So I think the network usually takes care of securing itself, when
needed.
I would probably leave 2 as "possible feature" and post it on our
roadmap
so that users can vote on it.
I'll try to create a "Dell IdeaStorm" page for our road map later
so that
features can be voted for.
Cheers,
- Ole
Emmanuel Lecharny wrote:
> Hi guys,
>
> I have a doubt, may be you have a clear vision about this point :
>
> is it the server responsability to compare the user's password
against
> an encrypted form or should the client encrypt the password before
> sending it to the server ?
>
> I mean, we can have one of those two possibilities :
> 1) [client] --(clear password)--> <network> --> [server] --> encrypt
> the password and compares it to the stored encrypted password
> or
> 2) [client] --(encrypt password)--> <network> [server] --> compares
> the encrypted password and compares it to the stored encrypted
password
>
> ?
>
> Emmanuel
>
> PS : we have solution 1 currently implemented. Is it correct ?
>
--
Cordialement,
Emmanuel Lécharny
www.iktek.com <http://www.iktek.com>
