
List:       openvas-discuss
Subject:    Re: [Openvas-discuss] Login via gsad fails with special chars in
From:       Stefan Schwarz <Stefan.Schwarz () unibw ! de>
Date:       2011-02-14 7:30:48
Message-ID: 4D58DA28.8070109 () unibw ! de

On 13.02.2011 16:51, Stephan Kleine wrote:
>> Because we are using LDAP-based authentication and force our clients to
>> have special chars in passwords I'd suggest to include as many chars as
>> possible for password-validation. I don't think it's a good idea
>> for security-based applications to force weak passwords.
>
> +1 - not allowing some chars and setting a max length is kinda ridiculous.
> Simply use hashes and salt. See e.g.
> http://jasypt.org/howtoencryptuserpasswords.html for details.
Sorry, but this is off topic here. We're talking about 
user-authentication against already (hopefully secured) stored 
credentials. OpenVAS user credentials are already stored this way (see 
hash-files under /usr/local/var/lib/openvas/users).

	Stefan



_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

