--- "Ignacio J. Ortega" <[EMAIL PROTECTED]> wrote: > > De: Jim Seach [mailto:[EMAIL PROTECTED]] > > Enviado el: jueves 7 de marzo de 2002 16:38 > > > > > Ignacio, > > > > I apologize for not reading more closely. You didn't -1 it, just > > And i apologize everybody for writing english so bad :),
Your English is better than my anything else! > > > expressed your opinion. I agree your proposed changes would be > much > > more flexible. Another option that might be nice would be the > ability > > to specify a user supplied class to compute a password hash > > so only the > > hash needs to be stored in the database rather than the actual > > password. > > > > Do you know that Realms in general already have Digest capability > inside? > > Or Are you asking for a new feature? A new feature, but a suggestion rather than a request. Even if the client realm doesn't support Digest authentication, we can use Basic or Form to get the user ID and password in the clear, then apply the hash function to compare with the hash stored in the database. Using Digest authentication is better, but it may not be an option for all browsers. Maybe some of the Digest code could be reused. Actually, I prefer to authenticate against the database by logging in using the user ID and password supplied, and let the database provide the authentication and access control, but for most databases this doesn't play well with connection pooling. > > Saludos , > Ignacio J. Ortega > Jim Seach > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
