View Single Post
  #3  
Old 28th March 2006, 15:56
olaus olaus is offline
Junior Member
 
Join Date: Feb 2006
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

hello,

does that code also affect the passwords for the web-login ( stored in mysql isp_isp_kunde:webadmin_passwort ) ?
those are anyway more vulnerable than the ones in /etc/shadow because mysql-access rights are enough to read them.

ciao
arnim

Quote:
Originally Posted by bjmg
as promised here is my patch for more secure passwords.
It now uses a correct md5 encryption and a better salt (more secure) for the standard encryption (DES).
Also .htpasswd files are generated with MD5 encryption (if enabled). This is completely new.
The mailuser backend now also supports MD5 encryption. This is completely new too.
Reply With Quote