On Sat, May 9, 2009 at 11:23 AM, Giuseppe Iuculano <giuse...@iuculano.it> wrote:
> Hi Arthur,

Hi Giuseppe,

> Arthur Furlan wrote:
>>     I fixed these issues adding a new method in the Auth class (see
>> Auth.php.patch) that destroys any session for a user, both in php
>> *and* database. To fix the issue [1] I added a call of this new method
>
> Thank you for your bug report, I've committed your patch. However I will ask
> upstream to try to patch atmailopen and not store the clear password in the
> database.

    It would be great! While I was debugging atmailopen I could see
some pieces of commented code[1] that looked to me like they are trying (or
had tried) to do it. The password is handled in a lot of different
places of the code (mainly in the file [1]) and it makes this patch a
little more difficult than the others.

[1]. /usr/share/atmailopen/libs/Atmail/Auth.php:36


-- 
Regards,

Arthur Furlan
arthur.fur...@gmail.com


