encode_password
Description:
Encodes the username/realm/password triplet for Digest authentication.
That is, it returns a stringified MD5 hash of username
, realm
, and password
concatenated together. This
is the form that is needed as the return value of AuthDomainDigest's auth
handler.
For security reasons, you should store the encoded hash, rather than storing the cleartext password itself and calling this method only when you need to verify it. This way, if your server is compromised, the attackers will not gain access to cleartext passwords which might also be usable at other sites. (Note also that the encoded password returned by this method is identical to the encoded password stored in an Apache .htdigest file.)
Parameters:
username |
a username |
realm |
an auth realm name |
password |
the password for |
Returns:
the encoded password |