authentication support: work has begun!
Jason A. Donenfeld
Jason at zx2c4.com
Wed Jan 15 19:29:48 CET 2014
On Wed, Jan 15, 2014 at 7:17 PM, Peter Wu <lekensteyn at gmail.com> wrote:
> Aside from storing passwords in plaintext, I see no other obvious issues.
I'm not too keen on this either. Care to submit a patch against
jd/authentication that does a crypt() / mkpasswd salted hash
situation? Does luacrypto support this? Investigate it?
> The current login page is cachable, you should add "Cache-Control: private" to
> prevent that.
Excellent idea.
More information about the CGit
mailing list