From 1c58fa7c64843b2655152aed48d0c3dcaa2e28c2 Mon Sep 17 00:00:00 2001
From: Andreas Baumann <mail@andreasbaumann.cc>
Date: Fri, 1 May 2015 16:52:04 +0200
Subject: updated todos

---
 TODOS | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'TODOS')

diff --git a/TODOS b/TODOS
index 699fcde..a4e212c 100644
--- a/TODOS
+++ b/TODOS
@@ -1,3 +1,10 @@
 - hash the password, with salt (currently it's plain text which is a no go!)
+- make the login mechanism more robust:
+  - http://www.devarticles.com/c/a/JavaScript/Building-a-CHAP-Login-System-Encrypting-Data-in-the-Client/2/
+  - have a CHAP per default (working also over HTTP)
+  - If there is no Javascript, allow the "plain over HTTPS" fallback
 - check timeout when verifying the registration code of a user
+- database model for a simple CMS
+  - http://www.techrepublic.com/article/two-ways-to-design-a-database-for-a-net-based-cms/
+
 
-- 
cgit v1.2.3-54-g00ecf