-
Notifications
You must be signed in to change notification settings - Fork 268
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use SCRAM-SHA for encrypted sessions #1015
Comments
@Neustradamus I'm sorry but I really don't know what this is all about, and what it has to do with ADOdb. Please clarify your expectations. Also kindly note that ADOdb is community-maintained so if you wish some feature to be added, then we expect a contribution in the form of a pull request rather than al list of RFC's with no actual specification of how they should be applied to our library. |
@dregad: The goal is to have salted password hashes to be more secure and to be compatible with other products/softwares in the World since 2011. It replaces old unsecure MD5... |
That does not quite explain how this would apply to ADOdb... We are just an abstraction layer on top of various databases, and we don't store any passwords - we just pass them on to the underlying DB. |
@dregad: The goal is to have a better security than unsecure "ADODB_Encrypt_MD5" and "ADODB_Encrypt_SHA1", etc.: |
OK I see what you mean now, it's related to sessions module. As mentioned previously, feel free to submit a pull request with new encryption classes using your better algorithm to replace the legacy MD5 / SHA1. |
Dear @ADOdb team,
Can you add supports of :
You can add too:
A "big" list has been done in last link of this ticket.
SCRAM-SHA-1(-PLUS):
SCRAM-SHA-256(-PLUS):
SCRAM-SHA-512(-PLUS):
SCRAM-SHA3-512(-PLUS):
SCRAM BIS: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms:
-PLUS variants:
IMAP:
LDAP:
HTTP:
JMAP:
2FA:
IANA:
Linked to:
The text was updated successfully, but these errors were encountered: