Entirely agreed.

Basic auth must be _basic_ => id+passwd


Not just display name but all personal data has nothing to do with
security and is fully application-specific.

This holds for the email field.


Identity is working well, but maybe some of the most security-aware
readers of this ML should help here: even a good implementation doesn't
shield against all pitfalls when it comes to security.



Justin Johnson wrote:
>
>
> While browsing through the source for up and coming 0.9, I've noticed
> the following TG_User comment:
>
> '''
> Reasonably basic User definition. Probably would want additional
> attributes.
> '''
>
> Does this mean that the intention is to further add attributes?  As a
> suggestion - that might not be desirable.
>
> For example, I'm working on a system where I already have a User class
> that contains id, password, email and creation date.  Basic stuff.
>
> I'm representing further user information such as gender, date of
> birth, location etc through a separate table.  My User model really
> just acts as the gatekeeper data to the system and is minimal.
>
> Now, TG_User also has 'displayName' which is a 255 length description
> field!  On my setup I'd put that in my separate table.  Some apps
> wouldn't have any use for it at all.
>
> This is application dependent and my feeling is that the identity
> system should just provide the absolute minimum to incorporate security.
>
> Would it be possible to have this so that you can specify your own
> User model?
>
> Otherwise, great job and I look forward to using it! :)
>
>
>
