On Sat, May 9, 2009 at 11:23 AM, Giuseppe Iuculano <[email protected]> wrote:
> Hi Arthur,
Hi Giuseppe,
> Arthur Furlan wrote:
>> I fixed these issues by adding a new method in the Auth class (see
>> Auth.php.patch) that destroys any session for a user, both in php
>> *and* database. To fix the issue [1] I added a call of this new method
>
> Thank you for your bug report, I've committed your patch. However I will ask
> upstream to try to patch atmailopen and do not store clear password in the
> database.
It would be great! While I was debugging atmailopen I could see
some pieces of commented code[1] that looked to me like they are trying (or
had tried) to do it. The password is handled in a lot of different
places of the code (mainly in the file [1]) and it makes this patch a
little more difficult than the others.
[1]. /usr/share/atmailopen/libs/Atmail/Auth.php:36
--
Regards,
Arthur Furlan
[email protected]