thrift-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From George Chung <geo...@glympse.com>
Subject Re: username/password - security in Apache Thrift
Date Thu, 26 Sep 2013 01:29:29 GMT
[...] your server side is going to handle the un

> and cleartext pw and ask some service to validate
>> the combination.
>>
>
> Whoa. How do you manage comparing against a clear text pwd when you have
> salted hashes in your DB? You /do/ have salted hashes, do you?
>
> ;-)
>
>
Well, either your server or your service that you are delegating to has to
perform the one way hash with the salt...if that's the way you (or the
service) is storing them. :)
But I think you already knew that... ;-)

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message