On Tue, 23 Jul 2013 10:57:52 -0700, John Andersen wrote:
> On 7/23/2013 9:05 AM, Jim Henderson wrote:
>> eDirectory is on the back-end, and even if one were to grab the database, it's not a traditional database and the structure is *very* unusual (gives it very high performance for millions - or billions - of identities), so one would have to have knowledge of the internals of the engine.
>
> So security by obscurity then?

No, having looked at the engine myself pretty closely, the engine itself also uses very secure algorithms. I wasn't intending to imply that obscurity was the only thing that was there.

The data stored in the database (particularly the passwords) are stored using either a well-known strong one-way hash (I forget which one offhand or I'd say), or strong symmetrical encryption algorithms. Far stronger than anything the default vBulletin authentication scheme uses.

At a very high level, the structure is *kinda* like XML, but binary (there is a derivative called "XFLAIM" that's more like XML).

It's a directory service, and back in the mists of ancient time, when NDS (eDirectory's predecessor) was created, the engineers understood that databases and directories are two different types of data uses, and they designed and leveraged a system that was optimized for directory operations.

Jim

--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits