Page 1 of 1

web site logon problems

Posted: Sat Feb 18, 2012 2:53 pm
by Mike Davis
Well we tracked down the problem with mixed case passwords... unfortunately
there's no fix exactly, it's an inherent problem with the implementation.
But the problem is fixed for the site, by disabling digest login support.
All non-SSL connections to the site will now send the username and password
in clear text. Digest login encrypts the username and password even when
you're not connected via SSL, but this was our problem, because of the 1-way
encryption the system was not able to translate mixed case passwords to the
all CAPS password in the database.

It wont look any different to you, just wanted to let you know that if you
don't connect to using SSL, then your username and password will be
transmitted in clear text.

Mike




-----------------------------------------------------------------
List archives located at: https://mail.dcsol.com/login
username "rebel" password "builder"
Unsubscribe: rebel-builders-unsubscribe@dcsol.com
List administrator: mike.davis@dcsol.com
-----------------------------------------------------------------