On Jan 15, 2009, at 12:32 PM, tedd wrote:
At 11:43 PM +0000 1/14/09, Ashley Sheridan wrote:
>
Surely that's a good thing then? Security through obscurity and all
that...
Ash
Ash:
Certainly it's a good thing -- until the client asks for another
password.
At this point, I have four logon and password combinations to use.
I can tell the client if they use one of those, then they can
login. However if they want their own, then I have no idea of what
the algorithm was/is and thus no way of generating a new
combination for them.
You see, the problem here is not that I can't set up an
authorization scheme -- I can do that easily enough. The problem is
that I don't know how the one currently in place on my client's
server works in generating passwords. If I knew that, then I could
generate the password myself.
Hey tedd,
One thing I just thought of that I'm sure you checked but just in
case... With the current system do they have any way of adding new
users to it? If so... there would be info in a file that had the
algorithm info you need...
Other then that nothing to add except rewrite the whole thing with
properly commented code so future people can view/edit the code :)
--
Jason Pruim
japruim@xxxxxxxxxx
616.399.2355
