On Sunday 23 September 2001 01:24 am, Mladen Turk wrote: > > -----Original Message----- > > From: Justin Erenkrantz [mailto:[EMAIL PROTECTED] > > Sent: Sunday, September 23, 2001 12:51 AM > > To: Mladen Turk > > Cc: APR Dev List > > Subject: Re: [PATCH] apr_password_validate with LIBEAY des_fcrypt support > > > > > Here is a patch that uses dso to load a libeay32.dll from > > > > openssl an enables > > > > > apr to validate a password using des_fcrypt. > > > > What happens if this dll is not available? I don't think we're > > enforcing users to have OpenSSL. > > Nothing happens! > It falls back to the original behavior if the dll coudn't be loaded at > runtime.
I dislike this. My concern is that if you take the same binary to 2 different Windows machines, you will get two different results. I would prefer to just have APR always use md5 hashes to protect passwords. We could basically just document the des option as depricated, and only provided for backwards compat with older systems. If we do this, then we shouldn't need DES on Windows. Ryan ______________________________________________________________ Ryan Bloom [EMAIL PROTECTED] Covalent Technologies [EMAIL PROTECTED] --------------------------------------------------------------
