On Wed, Jan 2, 2013 at 4:02 PM, Stefan Fritsch <[email protected]> wrote: > On Wednesday 02 January 2013, Jim Jagielski wrote: >> For *real* improvement, wouldn't storing in socache be >> the optimal method? > > Yes. I fear there may be some knee-jerk reaction like "oh my god, they > are keeping all the passwords in plain-text". But if it would be > limited to the shmcb socache provider, and if the passwords would be > cleared after some time of not being used, I don't see any real > security problems. Any other opinions? >
For authentication, can you already opt-in to effectively this with the mod_authn_socache?
