[geeklog-devel] Atom publishing

Dirk Haun dirk at haun-online.de
Thu May 29 14:48:39 EDT 2008


(sigh, this was supposed to go to the list)

Damien Hodgkin wrote:

>1. create a "nonce"
(snip)

There is actually a working WSSE implementation in system/lib-
webservices.php. It's commented out, though. But if you had the user's
unencrypted password, you could use it.

I tested it with a hack where I simply used the password hash as my
"password" on the other end. That's very insecure of course and I only
used it on a test setup. None of this went into Geeklog's code.

bye, Dirk


-- 
http://www.haun-online.de/accu/






More information about the geeklog-devel mailing list