| View previous topic :: View next topic |
| Author |
Message |
Who
-
Joined: 24 Jan 2005
Posts: 4
|
 Posted: Mon Jan 24, 2005 11:46 pm Post subject: abyss.conf and calling an external file |
 |
|
i would like to know if it is possible for within abyss.conf if it can 'use' or 'call' another file that is just suited for the user auth part, (the users and password hashes)..
also, since the usernames and passwords are going to be generated by a diffrent script.. is it something like "usernamepassword" in that odrer all run together then encrypted? |
|
| Back to top |
  |
 |
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Tue Jan 25, 2005 12:34 am Post subject: |
|
|
As far as I know, the only place Abyss usernames for auth can be read from is the conf file - as an alternative you could protect areas of your site with PHP/script language of your choice which would allow you to use an external file for auth.
Last time Aprelium explained it, I believe the password hashes were generated by taking the md5 of username:password (including the :) - although this isn't too useful to know since you can't write to the conf file... |
|
| Back to top |
|
|
k1ll3rdr4g0n
-
Joined: 04 Jul 2004
Posts: 609
|
| Posted: Tue Jan 25, 2005 2:01 am Post subject: |
|
|
Oh my, does Abyss use a salt for the MD5 encryption?
_________________
 |
|
| Back to top |
 |
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Tue Jan 25, 2005 12:26 pm Post subject: |
|
|
| Why would you use a salt for a simple md5 hash of a phrase? This is a pretty standard procedure for basic encryption of username/password combinations. |
|
| Back to top |
|
|
admin
Site Admin
Joined: 03 Mar 2002
Posts: 1332
|
| Posted: Thu Jan 27, 2005 4:55 pm Post subject: Re: abyss.conf and calling an external file |
|
|
Who,
No this isn't possible. We're working on a more "open/extensible" password protection method for a future release. But until then, the best to do is to use a script to provide this custom protection. |
|
| Back to top |
|
|
|
