On Jun 29, 9:42 am, Simon Willison <[EMAIL PROTECTED]> wrote:
> On Jun 28, 10:01 pm, "Scott Moonen" <[EMAIL PROTECTED]> wrote:
>
> > If you add the timestamp into both the hash and the token then you can
> > achieve a more granular expiration policy.
>
> That's the approach I use for djangopeople.net - the problem is that
> including the timestamp lengthens the URL yet further. I actually use
> a hex representation of the number of days since 2001/1/1 as a short
> representation of a timestamp, which at least knocks it down to just 3
> characters:
>
Just out of interest, the method I use is to salt the password with
the current UTC date (not time). Then the server just checks the token
X times, reducing the checked date by one day each loop.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en
-~----------~----~----~----~------~----~------~--~---
