See workrave.org
--
A bug magnet
On Feb 3, 2009, at 11:02, Michele <[address removed]> wrote:
> Yes, but when I generate the mysql account in php, I'm generating
> the hash
> code and placing it in the database. I query the hash code and set
> conf->ha1 to that value.
> Mod_auth_digest using this hash code to generate the digest for
> comparison.
> $ha = md5($user . ':' . $realm . ':' . $passwd);
> Haha. Lol
> I found this nifty tid-bit on php.net:
> $A1 = md5($data['username'
] . ':' . $realm . ':' .
> $users[$data['username']]);
> $A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
> $valid_response =
> md5($A1.':'.$data['nonce'].':'.$data['nc'].':'
>
> $data['cnonce'].':'.$data['qop'].':'.$A2);
> I hope my mod_auth_digest (mysql) works!
> It took me a while do realize that ha1 in mod_auth_digest is not an
> encrypted password but a stinking hash code. I was tired and slow.
> After you've programmed so many hours, your computer should
> automatically
> shut off and lock and said programmer should automatically pass out
> from
> exhaustion.
> Michele
>
> -----Original Message-----
> From: [address removed] [mailto:[address removed]] On Behalf
> Of Sean
> OMeara
> Sent: Sunday, February 01, 2009 12:54 PM
> To: [address removed]
> Subject: Re: [linux-392] Another stupid thing
>
> mod_auth_mysql needs to be basic so it can take the plaintext password
> and turn around and give it to mysql.
> mod_auth_krb, mod_auth_ldap, mod_auth_most-things-with-a-backend also
> need to be basic.
>
> wrap the http session in ssl.
>
> -s
>
> On Sun, Feb 1, 2009 at 12:15 PM, Michele <[address removed]> wrote:
>> I'm sorry for all these stupid posts. I'm in the middle of a
>> learning
>> process. It's always darkest before the dawn.
>>
>>
>>
>> I see cookies are viewable and editable.
>>
>>
>>
>> Does anyone know if any browsers allow the user to view and edit the
> request
>> Authorization?
>>
>>
>>
>> If I hack the mod_auth_digest file to include mysql, which I haven't
>> verified is totally possible, yet, am I wasting my time.
>>
>>
>>
>> Basic authorization isn't flexible enough.
>>
>>
>>
>> What I want is to use AuthType in a secure fashion.
>>
>>
>>
>> Does it work like that?
>>
>>
>>
>> Is that stupid, too?
>>
>>
>>
>> I'm not going to be using real Digest on my server, why does
> mod_auth_mysql
>> have to be Basic?
>>
>>
>>
>> Margaret
>>
>>
>>
>>
>>
>>
>>
>> --
>> Please Note: If you hit "REPLY", your message will be sent to
>> everyone on
>> this mailing list ([address removed])
>> This message was sent by Michele ([address removed]) from The
>> New York
>> GNU/Linux Meetup Group.
>> To learn more about Michele, visit his/her member profile
>> To unsubscribe or to update your mailing list settings, click here
>>
>> Meetup Support: [address removed]
>> 632 Broadway, New York, NY 10012 USA
>
>
>
> --
> Please Note: If you hit "REPLY", your message will be sent to
> everyone on
> this mailing list ([address removed])
> http://linux.meet...
> This message was sent by Sean OMeara ([address removed]) from The
> New York
> GNU/Linux Meetup Group.
> To learn more about Sean OMeara, visit his/her member profile:
> http://linux.meet...
> To unsubscribe or to update your mailing list settings, click here:
> http://www.meetup...
> Meetup Support: [address removed]
> 632 Broadway, New York, NY 10012 USA
>
>
>
>
> --
> Please Note: If you hit "REPLY", your message will be sent to
> everyone on this mailing list ([address removed])
> http://linux.meet...
> This message was sent by Michele ([address removed]) from The New
> York GNU/Linux Meetup Group.
> To learn more about Michele, visit his/her member profile: http://linux.meet...
> To unsubscribe or to update your mailing list settings, click here: http://www.meetup...
> Meetup Support: [address removed]
> 632 Broadway, New York, NY 10012 USA
>
Other nearby
