On 05/01/2013 11:52, Igor Galić wrote:
> ----- Original Message -----
>> On Wednesday 02 January 2013, Eric Covener wrote:
>>> On Wed, Jan 2, 2013 at 4:02 PM, Stefan Fritsch <s...@sfritsch.de>
>>> wrote:
>>>> On Wednesday 02 January 2013, Jim Jagielski wrote:
>>>>> For *real* improvement, wouldn't storing in socache be
>>>>> the optimal method?
>>>>
>>>> Yes. I fear there may be some knee-jerk reaction like "oh my god,
>>>> they are keeping all the passwords in plain-text". But if it
>>>> would be limited to the shmcb socache provider, and if the
>>>> passwords would be cleared after some time of not being used, I
>>>> don't see any real security problems. Any other opinions?
>>>
>>> For authentication, can you already opt-in to effectively this with
>>> the mod_authn_socache?
>>
>> No, mod_authn_socache only caches the lookup of the password hash. It
>> avoids having to open the password file/dbm/whatever but it still
>> calls apr_password_validate() every time. Maybe it should be extended
>> to also cache the real password and the result of
>> apr_password_validate()?
>
> Stupid question time:
> Why can't we store the password *hash* in the socache instead of
> the plain-text password?
>
> i

Igor, that is exactly what Stefan says already happens with mod_authn_socache, unless I grossly misread...

I'd be +1 allowing for a directive to hash the plaintext in socache, if it wasn't the default. I'd probably be +0 to it being the default, but only because I don't see myself as having tuits to look closely enough at shmcb cache to really understand the security implications for myself; but if the sysadmin is already opting in for any sort of authentication caching, then (s)he already is aware of a hypothetical chance for a security compromise on the system to some degree or another.

  Issac
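As an added illustration of the design discussed in this thread (Stefan's idea of caching the result of apr_password_validate(), Igor's question about storing a hash rather than the plaintext, and Issac's "hash the plaintext in socache"), here is a small Python model that is not httpd code and not mod_authn_socache's own implementation. It caches only successful validations as an HMAC tag of (user, password) under a random per-process secret, so a copy of the cache does not contain plaintext passwords, and it expires entries after a period of non-use. The slow check is simulated with PBKDF2 standing in for apr_password_validate(); the names AuthResultCache, make_user, slow_validate and the sample user are assumptions of this example.

```python
import hashlib
import hmac
import os
import time

# Cost of the "real" password check. In httpd this is apr_password_validate()
# (bcrypt/md5-crypt/...); here PBKDF2 with a high iteration count stands in for it.
SLOW_ITERATIONS = 100_000


def _slow_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, SLOW_ITERATIONS)


def make_user(password: str) -> tuple:
    """Constructed stand-in for a password-file entry: (salt, slow hash)."""
    salt = os.urandom(16)
    return salt, _slow_hash(password, salt)


def slow_validate(stored: tuple, password: str) -> bool:
    """The expensive check the cache is meant to avoid repeating."""
    salt, digest = stored
    return hmac.compare_digest(_slow_hash(password, salt), digest)


class AuthResultCache:
    """Caches *successful* validations as an HMAC tag of (user, password).

    The tag is keyed with a random per-process secret, so a copy of the cache
    alone does not reveal plaintext passwords. Entries expire after `ttl`
    seconds without use (sliding expiry), matching the "cleared after some
    time of not being used" idea from the thread. (Hypothetical design, not
    mod_authn_socache.)
    """

    def __init__(self, ttl_seconds: float = 300.0, clock=time.monotonic):
        self._key = os.urandom(32)      # never persisted, lives with the process
        self._ttl = ttl_seconds
        self._clock = clock             # injectable for testing
        self._entries = {}              # user -> (tag, expires_at)
        self.slow_calls = 0             # how often the slow path ran

    def _tag(self, user: str, password: str) -> bytes:
        msg = user.encode() + b"\0" + password.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def verify(self, user: str, password: str, stored: tuple) -> bool:
        now = self._clock()
        tag = self._tag(user, password)
        entry = self._entries.get(user)
        if entry is not None:
            cached_tag, expires_at = entry
            if now < expires_at and hmac.compare_digest(cached_tag, tag):
                # Cache hit: refresh the sliding expiry and skip the slow hash.
                self._entries[user] = (cached_tag, now + self._ttl)
                return True
            if now >= expires_at:
                del self._entries[user]
        # Miss (no entry, expired, or a different password): do the real check.
        self.slow_calls += 1
        ok = slow_validate(stored, password)
        if ok:
            self._entries[user] = (tag, now + self._ttl)
        # Failures are not cached and do not evict a valid cached entry.
        return ok

    def invalidate(self, user: str) -> None:
        """Call on password change; otherwise the old password stays valid until TTL."""
        self._entries.pop(user, None)


if __name__ == "__main__":
    cache = AuthResultCache(ttl_seconds=300)
    alice = make_user("correct horse battery staple")   # constructed sample user
    print(cache.verify("alice", "correct horse battery staple", alice), cache.slow_calls)  # True 1
    print(cache.verify("alice", "correct horse battery staple", alice), cache.slow_calls)  # True 1
    print(cache.verify("alice", "wrong", alice), cache.slow_calls)                        # False 2
```

The tradeoff this makes visible: the cached tag is a fast keyed hash, so its confidentiality rests on the per-process secret and the TTL rather than on the cost of the slow hash, which is exactly the concern behind limiting such a cache to an in-memory provider like shmcb and clearing unused entries. A wrong password never lands in the cache and never evicts a valid entry, and a password change is only picked up after the TTL unless the entry is invalidated explicitly.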