MusicBrainz Summit/11/Session Notes: Difference between revisions
From MusicBrainz Wiki
Revision editors: Reosarevok, PavanChander
Revision as of 00:14, 15 October 2011
Attendees
- Please add yourself if you attended.
- Kuno Woudt (warp)
- Pavan Chander (navap)
- Rob Kaye (ruaok)
- Nikki
- Oliver Charles (ocharles)
- Jamie McDonald (jdamcd)
- Nicolás Tamargo (reosarevok)
Overview
Thursday (Oct 13)
- warp, navap, ruaok, nikki, ocharles arrived
- Food was bought
- reosarevok was nearly dissed
Friday (Oct 14)
- jdamcd.... and everyone else arrived
- Pushed hotfix for weekly release
Single sign on & password security
Goals
- Not storing plaintext passwords
- Not having knowable (i.e. reversible) passwords
- Not transmitting passwords in the clear
- Single sign on
Questions
- What specific password issues are we trying to solve?
Discussed proposals
- Implement OpenID
- Using digest authentication (still requires storing and transferring the clear text password)
- Using SSL (requires updating web service libraries)
- Using a separate LDAP server (password no longer in MB database and stored elsewhere, also allows for possible single sign on integration)
Conclusion: Use LDAP and phase in SSL to increase password security. Bonus: LDAP makes single sign on possible.