Changes between Version 17 and Version 18 of AccountServer
Timestamp: 05/15/20 10:51:54
AccountServer
v17 v18 38 38 }}} 39 39 40 = Security 40 = Security, Privacy 41 41 The security features of the [wiki:AccountManager] are inherited. But it's important that the server should be set up to require HTTPS. The password is transmitted in plain text to the server (this is the de-facto standard way to do this) and would be in plain sight for every network sniffer if HTTPS were not used. 42 42 43 The password is stored in hashed form, so that even if someone would be able to retrieve the password file, it would still be very hard to recover the plain text password. We use 512 bit hashing to comply with current standards for this. 44 45 The accountmanager is designed to not need cookies. This facilitates usage where strict cookie laws apply. Also the email address for password recoverage is kept optional, so that it is possible to use the account manager without any reference being stored to the real user. This avoids the need to comply with the many privacy laws that may apply to storing user data. 43 46 44 47 = Technical note
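Review bot: the new wiki line 43 justifies password storage with "512 bit hashing to comply with current standards", but digest width is not what protects a leaked password file; a fast, unsalted 512-bit hash can still be brute-forced offline one guess at a time against every account. State the actual construction here: the algorithm, that each password gets its own random salt, and the work factor, along the lines of "each password is stored as a per-user random salt plus a slow, salted password hash (PBKDF2, bcrypt, scrypt or Argon2) with a configurable iteration count". In the second new paragraph (wiki line 45), "avoids the need to comply with the many privacy laws" is a legal conclusion the page cannot back up: even without an e-mail address the server still sees usernames and client IP addresses and may log them, so it is safer to say only that no e-mail address is required and that nothing beyond what the user chooses to supply is stored. Minor points: since the password travels in plain text inside the connection (line 41), "should be set up to require HTTPS" reads too softly for the new "Security, Privacy" heading; say HTTPS is mandatory and that login over plain HTTP is refused, and write the heading as "Security and Privacy".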