On Jan 9, 2010, at 11:29 AM, Ron Aaron wrote: > On Saturday 09 January 2010 18:21:00 D. Richard Hipp wrote: > >> There is a trade-off. >> >> You can store an cryptographic checksum of the password in the user >> table. ... >> Or you can store the cleartext password in the user >> table and send a cryptographic checksum of the password... > > There is another option: send a crypto checksum over the wire, and > store a > different sum in the user table. Then the server file does not have a > cleartext password, nor is one sent on the wire.
I'm not familiar with that algorithm. Can you explain or provide a link? D. Richard Hipp d...@hwaci.com _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
