> I think this is a good patch and that it should be merged into trunk. Is it too early to get rid of plain-text password support? I think hashed passwords appeared about 1.5 years ago. If we remove it, we can leave "pw=%Q", I think. The only code left susceptible to timing attacks will be for cookie handling.
-- Dmitry Chestnykh _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users