The password is encrypted in the LDAP server = it is safe When you request LDAP server for authentication = you give the password in plain text So Nuxeo send the password in plain text. And the browser send the password in plain text to Nuxeo server.
During this process, if you want to keep the password safe, you have to use SSL. /1/ HTTPS between the browser and the Nuxeo Server /2/ LDAPS between Nuxeo server and LDAP server -- Posted by "sebastien.denef" at Nuxeo Discussions <http://nuxeo.org/discussions> View the complete thread: <http://www.nuxeo.org/discussions/thread.jspa?threadID=4011#12361> _______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
