Ticket #667 (closed wishlist: fixed)

Opened 2 years ago

Last modified 1 year ago

Transfer username and password through RSA

Reported by: afz Assigned to: afz
Priority: lowest Milestone: 0.8.0
Component: Core / Session Version: SVN
Severity: trivial Keywords:
Cc:

Description

we need jaws more secure.
for this purpose i work on dynamic rsa key generator and apply this on jaws for transfer username and password over it.

Attachments

Change History

12/07/06 17:50:55 changed by afz

  • severity changed from blocker to major.

12/08/06 23:48:38 changed by cross

at what part are you refering to the 'transfer' of username and password?

01/06/07 08:53:13 changed by afz

  • priority changed from highest to normal.
  • type changed from defect to enhancement.
  • severity changed from major to normal.

01/11/07 18:09:14 changed by afz

transfer critical data over network is important subject.
for ex. when logon to admin area, out user/password transfer over network in plain text,
or when install jaws we enter user/password of databse, and it in plain text transfer.
so easily can sniff and cache, and this is a very very bad.

01/11/07 20:07:24 changed by afz

why RSA?
all symmetric algorithms, for this subject not usable, because in client side the secret are accessible(ex. DES,3DES,... are symmetric algorithms).
and why not hash algorithms, because this algorithms not usable in change password sections, and also in jaws we have different authentication method that require original user/password and not hash.
so only asymmetric method is best for this purpose.

02/02/07 22:18:40 changed by afz

anybody no idea?
i tomorrow going to work on it.
i use PEAR:Crypt for server side.

07/29/07 17:54:22 changed by pablo

  • severity changed from normal to trivial.
  • summary changed from transfer username and password through RSA for more security to Transfer username and password through RSA.
  • priority changed from normal to lowest.
  • milestone changed from 0.8.0 to Wishlist.
  • owner changed from afz to gluegadget.
  • type changed from enhancement to wishlist.

It's a wishlist, not really required. Althought Amir will be working on this and implementing OpenID once the PEAR package is released.

10/01/07 20:29:42 changed by afz

  • owner changed from gluegadget to afz.
  • status changed from new to assigned.
  • milestone changed from Wishlist to 0.8.0.

10/01/07 20:30:21 changed by afz

  • status changed from assigned to closed.
  • resolution set to fixed.

now, jaws support this feature.

Add/Change #667 (Transfer username and password through RSA)




Change Properties
Action