On Tue, Dec 28, 2010 at 03:46:14PM -0500, Ludovic Marcotte wrote: > On 10-12-28 3:42 PM, Jan-Frode Myklebust wrote: > >Couldn't this also be the same string as is stored server side for the > >secured session cookie, and xor'ed when checking validity ?
> Yes but that wouldn't work with other authenticators - like the > proxy one (for WebAuth or Apache authentication) or the DAV one (for > all DAV clients, like Thunderbird, Apple iCal / iPhone, etc.). So maybe save a salted hash of the password in memcached for this comparison instead ? -jf -- [email protected] https://inverse.ca/sogo/lists
