27 Jan
2012
27 Jan
'12
8:33 p.m.
Am 27.01.2012 16:46, schrieb Matthew Morgan:
Is it possible to encrypt the passwords in accounts.xml and still use HTTP authentication, similar to having an encrypted password in an apache .htaccess file?
Yes, but that requires a modification of the Server software. The patch wasn't that big and I might have posted it on the list. If I havn't: Just look into the code that operates on the pass phrase and adapt it accordingly... (demo code to encrypt and verify pass phrases should be in the net...) But beware: encrypted pass phrases require plain authentification (so use TLS...) Bye Goetz