[ http://jira.magnolia.info/browse/MAGNOLIA-631?page=all ] Fabrizio Giustina reopened MAGNOLIA-631: ----------------------------------------
Hi Sameer, after recent changes authentication stopped working totally for me... I have currently fixed it by modifying part of the code and I am reopening this just for discussion, here are my thoughts: md5 should IMHO never be calculated client-side (expecially using javascript), a plain form should always work. It should also work without using the standard magnolia authentication module, which expected password to be already hashed, while others usually don't (in order to protect the trasmitted password users should use https, if this was your concern). Md5 should be calculated on the authentication module, because only the authentication module can know how the server password is stored and how to compare them. I have now removed the client-side javascript and updated authenticator accordingly, please check if everything is ok for you. > md5 password encryption > ------------------------ > > Key: MAGNOLIA-631 > URL: http://jira.magnolia.info/browse/MAGNOLIA-631 > Project: magnolia > Type: Task > Reporter: Sameer Charles > Assignee: Sameer Charles > Priority: Minor > Fix For: 3.0 RC1 > > > 1. implement on client - javascipt (already on svn, needs to be tested) > 2. Update Authenticator accordingly -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.magnolia.info/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira ---------------------------------------------------------------- for list details see http://www.magnolia.info/en/magnolia/developer.html ----------------------------------------------------------------
