From 1c58fa7c64843b2655152aed48d0c3dcaa2e28c2 Mon Sep 17 00:00:00 2001
From: Andreas Baumann <mail@andreasbaumann.cc>
Date: Fri, 1 May 2015 16:52:04 +0200
Subject: updated todos

---
 LINKS | 19 -------------------
 TODOS |  7 +++++++
 2 files changed, 7 insertions(+), 19 deletions(-)
 delete mode 100644 LINKS

diff --git a/LINKS b/LINKS
deleted file mode 100644
index a575abf..0000000
--- a/LINKS
+++ /dev/null
@@ -1,19 +0,0 @@
-links about CMS and web programming:
-
-http://www.devarticles.com/c/a/JavaScript/Building-a-CHAP-Login-System-Encrypting-Data-in-the-Client/2/
-http://www.techrepublic.com/article/two-ways-to-design-a-database-for-a-net-based-cms/
-
-other projects using CppCms:
-
-https://github.com/allan-simon/tatoebacpp
-11z-zpr-netspy
-
-captcha generator (standalone, sweat, no Imagemagick or fonts needed):
-
-http://brokestream.com/captcha.html
-http://www.cthulhulives.org/toybox/PROPDOCS/PropFonts.html
-
-SMTP:
-
-https://www.cs.auckland.ac.nz/~pgut001/cryptlib/download.html
-http://sourceforge.net/projects/libquickmail/
diff --git a/TODOS b/TODOS
index 699fcde..a4e212c 100644
--- a/TODOS
+++ b/TODOS
@@ -1,3 +1,10 @@
 - hash the password, with salt (currently it's plain text which is a no go!)
+- make the login mechanism more robust:
+  - http://www.devarticles.com/c/a/JavaScript/Building-a-CHAP-Login-System-Encrypting-Data-in-the-Client/2/
+  - have a CHAP per default (working also over HTTP)
+  - If there is no Javascript, allow the "plain over HTTPS" fallback
 - check timeout when verifying the registration code of a user
+- database model for a simple CMS
+  - http://www.techrepublic.com/article/two-ways-to-design-a-database-for-a-net-based-cms/
+
 
-- 
cgit v1.2.3-54-g00ecf