Subject: CAcert Code Development list.
List archive
- From: Michael Tänzer <michael.taenzer AT cacert.org>
- To: cacert-devel AT lists.cacert.org
- Cc: Marek Michał Mazur <mmazur AT cacert.org>
- Subject: Re: password advice
- Date: Wed, 28 Sep 2011 21:48:38 +0200
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
- Openpgp: id=9940BEF1
Hi Marek,
On 28.09.2011 19:18, Marek Michał Mazur wrote:
> W dniu 28.09.2011 18:51, Philipp Gühring pisze:
>> CertApi both accepts GET and POST, due to different requirements from
>> clients and webservers. (Some clients only support GET, and some
>> webservers complain about too long GET requests due to standardised limits)
>
> Is this reason good enough to explain why users password are stored in
> httpd logs?
>
> For me more secure and sensible would be to use OAuth protocol. Why to
> reinvent a wheel?
AFAIK, this stuff was written before the wheel (OAuth) was invented. Yes
we should do a better API but we don't have enough resources, we are
even struggling to cope providing fixes for bugs that are way more
important. Unlike other software projects CAcert doesn't only provide
software it also provides a service and not a trivial one. Apart from
that there's a lot of politics and bureaucracy going on due to the
criticality of the matter. All that needs resources and those are scarce.
To make a long story short: The API is currently unsupported and to be
used at your own risk.
Cheers
--
Michael Tänzer
CAcert Support Team Leader
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- password advice, Ian G, 09/27/2011
- Re: password advice, Marek Michał Mazur, 09/27/2011
- Re: password advice, ianG, 09/28/2011
- Re: password advice, mmazur, 09/28/2011
- AW: password advice, ulrich, 09/28/2011
- Re: AW: password advice, mmazur, 09/28/2011
- Re: AW: password advice, Philipp Gühring, 09/28/2011
- Re: AW: password advice, Marek Michał Mazur, 09/28/2011
- Re: password advice, Michael Tänzer, 09/28/2011
- Re: password advice, Marek Michał Mazur, 09/28/2011
- Re: AW: password advice, Philipp Gühring, 09/28/2011
- Re: AW: password advice, mmazur, 09/28/2011
- AW: password advice, ulrich, 09/28/2011
- Re: password advice, mmazur, 09/28/2011
- Re: password advice, ianG, 09/28/2011
- Re: password advice, Faramir, 09/28/2011
- Re: password advice, Marek Michał Mazur, 09/27/2011
Archive powered by MHonArc 2.6.16.