Questions about digest authentication (and some other stuff)

[Matthew Brush <mbrush codebrainz ca>]

Hi,

I'm writing a server that uses HTTP digest authentication and I was 
wondering a few things:

Disclaimer: I'm not very knowledgeable about security stuff so please 
excuse me if the questions are stupid and/or naïve :)

1) Is there a recommended method/package for handling the actual 
user/password database? I didn't see much inside libsoup itself but 
wondered if anyone could recommend a suitable way to handle it? I'm 
currently just using a GKeyFile which works fine but I feel as though 
I'm re-inventing a wheel and probably introducing security holes without 
even being aware. Should I be looking at using something like libpam?

2) In my code I started off using some techniques that seemed reasonable 
like using mlock() to prevent the encoded password from being swapped to 
disk and using memset() to clear out the memory where the password 
is/was before freeing it. Once I started tying it into libsoup I 
realized that the API wants my code to allocate memory using GLIB's 
allocator and hand it over to libsoup to free. I checked out the source 
to see how hard it would be to add API functions to allow providing my 
own buffer but then I realized it's using the GLIB data checksums API 
internally and so even if I could provide my own buffer, it would 
ultimately end up somewhere else in memory that could be swapped to disk 
and (probably) won't get zeroed out before freeing. Am I being stupid 
and/or paranoid in wanting to take these measures, and if not, could 
someone recommend a way to work around the mentioned issues? I'm 
wondering, if some cracker is already accessing my swap file/partition 
and/or recycled memory, is it pretty much pointless/too-late to be 
worrying about somewhat weakly encoded passwords getting into there?

3) Does libsoup use/have any means of doing key-stretching and/or 
salting? On a similar vein, does it implement any means of limiting 
denial of service attacks or brute force password cracking attempts or 
is this left to the user to do based on their specific requirements? 
Would there be any value in me adding a simple sleep call (say for 1 
second or so) in the auth-callback to slow down a dictionary attack or such?

-- not security related --

4) Is there any way to get access to the raw socket fd (or GSocket even) 
for a client connection in a way that it can be safely written to 
outside of libsoup? I read in the API docs for the _get_fd() function 
that one shouldn't fiddle with the socket on its own, so I'm a little 
stumped on how to do it correctly. I'm using GStreamer and its 
multifdsink/multisocketsink in order to make the pipeline stream to 
multiple clients, and I would really like to avoid re-implementing that 
plugin's code/logic in order to make one that can write to the soup 
response buffer instead of a file descriptor/socket (or does such a 
plugin already exist?).

Thanks in advance for any tips, tricks, advice, search terms or links.

P.S. libsoup is awesome!

Cheers,
Matthew Brush