p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   BOOK: Professional XMPP Programming with JavaScript and jQuery (http://p2p.wrox.com/forumdisplay.php?f=542)
-   -   Using sha1 passwords in Strophe.js (http://p2p.wrox.com/showthread.php?t=79743)

semper June 14th, 2010 04:47 AM

Using sha1 passwords in Strophe.js
 
Hello I`m building an simple application using Symfony & Strophe.js . In my db passwords are stored using sha1 algolrithm but in every example from book passwords using to connect are in plain text. I`m trying to figure out how to connect using my sha1 passwords from db but no luck. Is there any swich enabling this in Strophe js connection method ? EDIT : I can use md5 algorithm to hash passwords but how use md5 connection type in Strophe ?

metajack June 28th, 2010 02:15 PM

Quote:

Originally Posted by semper (Post 259076)
Hello I`m building an simple application using Symfony & Strophe.js . In my db passwords are stored using sha1 algolrithm but in every example from book passwords using to connect are in plain text. I`m trying to figure out how to connect using my sha1 passwords from db but no luck. Is there any swich enabling this in Strophe js connection method ? EDIT : I can use md5 algorithm to hash passwords but how use md5 connection type in Strophe ?

Strophe will need the plain text password in order to hash it and do authentication with the server. With TLS and DIGEST-MD5 on the server, there is never a clear text password sent over the wire though.

Strophe will automatically use the strongest authentication mechanism offered by the server. If it advertises DIGEST-MD5 as an available auth mechanism, Strophe will use that. If that is not available it will try SASL PLAIN.

Over an encrypted channel, these are both acceptable. Over an unencrypted channel, SASL PLAIN is not recommended, and for that reason, most servers won't advertise support until after TLS is established.


All times are GMT -4. The time now is 04:00 AM.

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.