RE: [linux-392] Another stupid thing
| From: | Michele |
| Sent on: | Tuesday, February 3, 2009 11:02 AM |
Yes, but when I generate the mysql account in php, I'm generating the hash
code and placing it in the database. I query the hash code and set
conf->ha1 to that value.
Mod_auth_digest using this hash code to generate the digest for comparison.
$ha = md5($user . ':' . $realm . ':' . $passwd);
Haha. Lol
I found this nifty tid-bit on php.net:
$A1 = md5($data['username'
] . ':' . $realm . ':' .
$users[$data['username']]);
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
$valid_response =
md5($A1.':'.$data['nonce'].':'.$data['nc'].':'
$data['cnonce'].':'.$data['qop'].':'.$A2);
I hope my mod_auth_digest (mysql) works!
It took me a while do realize that ha1 in mod_auth_digest is not an
encrypted password but a stinking hash code. I was tired and slow.
After you've programmed so many hours, your computer should automatically
shut off and lock and said programmer should automatically pass out from
exhaustion.
Michele
-----Original Message-----
From: [address removed] [mailto:[address removed]] On Behalf Of Sean
OMeara
Sent: Sunday, February 01, 2009 12:54 PM
To: [address removed]
Subject: Re: [linux-392] Another stupid thing
mod_auth_mysql needs to be basic so it can take the plaintext password
and turn around and give it to mysql.
mod_auth_krb, mod_auth_ldap, mod_auth_most-things-with-a-backend also
need to be basic.
wrap the http session in ssl.
-s
On Sun, Feb 1, 2009 at 12:15 PM, Michele <[address removed]> wrote:
> I'm sorry for all these stupid posts. I'm in the middle of a learning
> process. It's always darkest before the dawn.
>
>
>
> I see cookies are viewable and editable.
>
>
>
> Does anyone know if any browsers allow the user to view and edit the
request
> Authorization?
>
>
>
> If I hack the mod_auth_digest file to include mysql, which I haven't
> verified is totally possible, yet, am I wasting my time.
>
>
>
> Basic authorization isn't flexible enough.
>
>
>
> What I want is to use AuthType in a secure fashion.
>
>
>
> Does it work like that?
>
>
>
> Is that stupid, too?
>
>
>
> I'm not going to be using real Digest on my server, why does
mod_auth_mysql
> have to be Basic?
>
>
>
> Margaret
>
>
>
>
>
>
>
> --
> Please Note: If you hit "REPLY", your message will be sent to everyone on
> this mailing list ([address removed])
> This message was sent by Michele ([address removed]) from The New York
> GNU/Linux Meetup Group.
> To learn more about Michele, visit his/her member profile
> To unsubscribe or to update your mailing list settings, click here
>
> Meetup Support: [address removed]
> 632 Broadway, New York, NY 10012 USA
--
Please Note: If you hit "REPLY", your message will be sent to everyone on
this mailing list ([address removed])
http://linux.meet...
This message was sent by Sean OMeara ([address removed]) from The New York
GNU/Linux Meetup Group.
To learn more about Sean OMeara, visit his/her member profile:
http://linux.meet...
To unsubscribe or to update your mailing list settings, click here:
http://www.meetup...
Meetup Support: [address removed]
632 Broadway, New York, NY 10012 USA
Our Sponsors
Other nearbyMeetup Groups
Why these groups?
x
The Meetup Groups shown here are topically similar to The New York GNU/Linux Meetup Group.
Groups are more likely to be displayed here if they:
- have a Meetup scheduled
- have a high rating
- have a group photo
- are "public" and not "private"
- have shown they are likely to stick around (older than 30 days)
-
46 mappers
-
133 Java Developers
-
-
126 Javascript architects and coders
-
52 members
-
39 Technologists
