You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@directory.apache.org by bu...@apache.org on 2013/04/03 16:11:09 UTC

svn commit: r857123 - in /websites/staging/directory/trunk/content: ./ apacheds/advanced-ug/4.1.1.2-name-password-authn.html

Author: buildbot
Date: Wed Apr  3 14:11:08 2013
New Revision: 857123

Log:
Staging update by buildbot for directory

Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed Apr  3 14:11:08 2013
@@ -1 +1 @@
-1464032
+1464033

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.html Wed Apr  3 14:11:08 2013
@@ -278,12 +278,12 @@ return false
 
 
 <p><DIV class="note" markdown="1">
-  A few rule of thumb :
-  o Never store a password as plain text. 
-  o Prefer salted methods over non salted ones, and prefer the strongest one (here, SSHA-512 on Studio 2.0, or SSHA)
-  o crypt is also a good choice
-  o Pick strong passwords, otherwise if someone gets access to the list of passwords, he or she can run a rainbow attack on it.
-  o Keep in mind that whatever you do, the password will be passed in clear text from the client to the server. Always use startTLS before any bind, or at least use SSL
+  A few rule of thumb :<BR/>
+  o Never store a password as plain text. <BR/>
+  o Prefer salted methods over non salted ones, and prefer the strongest one (here, SSHA-512 on Studio 2.0, or SSHA)<BR/>
+  o crypt is also a good choice<BR/>
+  o Pick strong passwords, otherwise if someone gets access to the list of passwords, he or she can run a rainbow attack on it.<BR/>
+  o Keep in mind that whatever you do, the password will be passed in clear text from the client to the server. Always use startTLS before any bind, or at least use SSL<BR/>
 </DIV></p>