On Wed, Jan 15, 2014 at 7:17 PM, Peter Wu <lekenst...@gmail.com> wrote: > Aside from storing passwords in plaintext, I see no other obvious issues.
I'm not too keen on this either. Care to submit a patch against jd/authentication that does a crypt() / mkpasswd salted hash situation? Does luacrypto support this? Investigate it? > The current login page is cachable, you should add "Cache-Control: private" to > prevent that. Excellent idea. _______________________________________________ CGit mailing list CGit@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/cgit