At this time neither of those. Adding registration seems pretty straightforward. Password resets are a little less so, but still just a simple matter of programming.
-- Mike On 24 Mar 2013, at 15:17 , Eric Bloch <[email protected]> wrote: > Hey Mike, > > How far does your implementation go here? Does it handle > > • registration/signup > • 'forgot my password' > > Eric > > Eric Bloch > Director, Community > MarkLogic Corporation > > desk +1 650 655 2390 | mobile +1 650 339 0376 > email [email protected] > web developer.marklogic.com > twitter @eedeebee > > On Mar 24, 2013, at 1:26 PM, Michael Blakeley <[email protected]> > wrote: > >> I wish this were a little easier to reuse, but take a look at >> https://github.com/mblakele/roxy/tree/app-level-login for one >> implementation. The diff is >> https://github.com/mblakele/roxy/commit/ea37c1a1662506783c5c1f6992be376e4c896707 >> >> A number of moving parts have to come together. For security the main >> ingredients are to use POST, and to use TLS (not part of that patch). The >> app needs a rewriter that can protect some pages, but without preventing the >> login page from loading. It's also important to have a default login role >> that has enough privileges to run the login page, but not enough to cause >> trouble. >> >> The redirects are in skeleton form in that roxy branch, but I think you will >> see how to extend it without much trouble. >> >> -- Mike >> >> On 23 Mar 2013, at 19:16 , Will Thompson <[email protected]> wrote: >> >>> I've read the documentation in the security guide, but I'm curious if there >>> might be a public repo somewhere that has a more "robust" implementation of >>> xdmp:login(). I assume it's already been done many times, but the idea is a >>> login controller-type piece that 1) accepts the credentials in a reasonably >>> secure way (I'm not 100% sure how to do this), and 2) is smart enough to >>> redirect the user to back to the page they originally requested if they got >>> punted to the login page for not being signed in, and 3) handles >>> boilerplate on all the non-public pages. >>> >>> -Will >>> _______________________________________________ >>> General mailing list >>> [email protected] >>> http://developer.marklogic.com/mailman/listinfo/general >> >> _______________________________________________ >> General mailing list >> [email protected] >> http://developer.marklogic.com/mailman/listinfo/general > > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
