View Single Post
  #2 (permalink)  
Old June 28th, 2010, 02:15 PM
metajack metajack is offline
Wrox Author
Points: 702, Level: 10
Points: 702, Level: 10 Points: 702, Level: 10 Points: 702, Level: 10
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jan 2010
Posts: 178
Thanks: 0
Thanked 16 Times in 15 Posts
Default

Quote:
Originally Posted by semper View Post
Hello I`m building an simple application using Symfony & Strophe.js . In my db passwords are stored using sha1 algolrithm but in every example from book passwords using to connect are in plain text. I`m trying to figure out how to connect using my sha1 passwords from db but no luck. Is there any swich enabling this in Strophe js connection method ? EDIT : I can use md5 algorithm to hash passwords but how use md5 connection type in Strophe ?
Strophe will need the plain text password in order to hash it and do authentication with the server. With TLS and DIGEST-MD5 on the server, there is never a clear text password sent over the wire though.

Strophe will automatically use the strongest authentication mechanism offered by the server. If it advertises DIGEST-MD5 as an available auth mechanism, Strophe will use that. If that is not available it will try SASL PLAIN.

Over an encrypted channel, these are both acceptable. Over an unencrypted channel, SASL PLAIN is not recommended, and for that reason, most servers won't advertise support until after TLS is established.