Re: Apache::AuthDBI mp1 with SHA1 and MD5

Tue, 21 Jun 2005 10:46:13 -0700 

Philip:


From a thorough glance, it looks good as-is.



My changes are largely contained in AuthDBI.pm and your changes there are 
fairly minimal.  I performed a patch -p0 against your 0.96 and it was 
successful except for the revision number in AuthDBI.pm which you should 
update to 0.96 (or .97 or whatever) anyway.


Regards,
KAM


----- Original Message ----- 
From: "Philip M. Gollucci" <[EMAIL PROTECTED]>

To: "Kevin A. McGrail" <[EMAIL PROTECTED]>
Cc: <modperl@perl.apache.org>; "Jason Lamey" <[EMAIL PROTECTED]>
Sent: Tuesday, June 21, 2005 1:32 PM
Subject: Re: Apache::AuthDBI mp1 with SHA1 and MD5



Kevin A. McGrail wrote:


I have finished patches against  Apache AuthDBI version 0.94 that 
definitely work with mod_perl1 to implement sha1 & md5 encryption in 
addition to crypt.
 I have placed a patch, the original 0.94 and the patched 0.94KAM up for 
download at http://www.thoughtworthy.com/downloads/.
 It uses a fall-back methodology for mixed-encryption environments such 
as an upgrade where new users will use SHA1 and old users might use MD5 
or crypt. It provides a framework where new encryption methods should be 
installable in a matter of minutes by editing one subroutine and adding a 
subroutine for the encryption method.  As a point in case, after 
implementing SHA1, I then installed MD5 in under 5 minutes.
 I tried to handle the coding in a style close to the existing and also 
updated the documentation.  There was also an obscure bug where I believe 
the salt was not set correctly for people using the alternate userid salt 
and caching.
 Feedback appreciated especially on where to submit patches for inclusion 
into the main release.

 regards,
KAM


Any chance you could look at generating a patch set against
http://p6m7g8.net/Apache-DBI/Apache-DBI-0.96.tar.gz

Thanks.



--
END ---------------------------------------------------------
   What doesn't kill us, can only make us stronger.
              Nothing is impossible.

Philip M. Gollucci ([EMAIL PROTECTED]) 301.254.5198
Consultant / http://p6m7g8.net/Resume/resume.shtml
Senior Developer / Liquidity Services, Inc.
    http://www.liquidityservicesinc.com

























					Reply via email to