On Tue, Dec 28, 2010 at 02:37:15PM -0500, Ludovic Marcotte wrote: > > The password is still stored unencrypted in memcached for > SOGoCacheCleanupInterval seconds. This is avoid doing a bind on the > LDAP server for _each_ request coming in, in order to check the > validity of the password.
Couldn't this also be the same string as is stored server side for the secured session cookie, and xor'ed when checking validity ? -jf -- [email protected] https://inverse.ca/sogo/lists
