From 0ff1fb9dc4c9c4f126c22f95548133376d4f96e6 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sun, 10 Aug 2003 09:49:30 +0000 Subject: [PATCH] added security part --- lam/README | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lam/README b/lam/README index 924ad9e0..0754f156 100644 --- a/lam/README +++ b/lam/README @@ -76,6 +76,14 @@ LAM - Readme If you want to use a translated version of LAM be sure to install the needed locales. See locale/ for a list of supported locales. Debian users can add locales with "dpkg-reconfigure locales". + + Security: + It is strongly recommended to use a SSL connection to your web server. + + LAM needs to store your LDAP username + password in the session. The session + files are saved in sess/ and are accessible only by the web server. To increase + security username and password are encrypted with AES (256 bit). The key and iv + are generated at random when you log in. They are stored in two cookies. Have fun!