Yep, the whole exercise is a smop, but it's nice to have a working reference. I have this code in RunDMC, but it's not something that is easy to read or learn from :(
E

Eric Bloch
Director, Community
MarkLogic Corporation
desk +1 650 655 2390 | mobile +1 650 339 0376
email [email protected]
web developer.marklogic.com
twitter @eedeebee

On Mar 24, 2013, at 4:12 PM, Michael Blakeley <[email protected]> wrote:

At this time neither of those. Adding registration seems pretty straightforward. Password resets are a little less so, but still just a simple matter of programming.

-- Mike

On 24 Mar 2013, at 15:17 , Eric Bloch <[email protected]> wrote:

Hey Mike,

How far does your implementation go here? Does it handle

• registration/signup
• 'forgot my password'

Eric

On Mar 24, 2013, at 1:26 PM, Michael Blakeley <[email protected]> wrote:

I wish this were a little easier to reuse, but take a look at https://github.com/mblakele/roxy/tree/app-level-login for one implementation. The diff is https://github.com/mblakele/roxy/commit/ea37c1a1662506783c5c1f6992be376e4c896707

A number of moving parts have to come together. For security the main ingredients are to use POST, and to use TLS (not part of that patch). The app needs a rewriter that can protect some pages, but without preventing the login page from loading. It's also important to have a default login role that has enough privileges to run the login page, but not enough to cause trouble.

The redirects are in skeleton form in that roxy branch, but I think you will see how to extend it without much trouble.

-- Mike

On 23 Mar 2013, at 19:16 , Will Thompson <[email protected]> wrote:

I've read the documentation in the security guide, but I'm curious if there might be a public repo somewhere that has a more "robust" implementation of xdmp:login(). I assume it's already been done many times, but the idea is a login controller-type piece that 1) accepts the credentials in a reasonably secure way (I'm not 100% sure how to do this), and 2) is smart enough to redirect the user back to the page they originally requested if they got punted to the login page for not being signed in, and 3) handles boilerplate on all the non-public pages.

-Will

_______________________________________________
General mailing list
[email protected]
http://developer.marklogic.com/mailman/listinfo/general
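The login controller discussed in this thread could look like the following main module. This is an added example, not code from the roxy branch or from anyone in the thread; it accepts credentials only by POST over TLS and only redirects to a same-site path after xdmp:login() succeeds. The path /login and the field names return-to, username and password are assumptions, and the default user is assumed to hold the xdmp-login execute privilege and little else.

```xquery
xquery version "1.0-ml";

(: Added example. /login and the field names are assumptions. :)
declare variable $LOGIN-PATH as xs:string := "/login";

(: Accept only a path on this site: one leading slash, not "//host" or
   "/\host", no CR/LF, and not the login page itself. Anything else
   falls back to the site root, so the field cannot be used to send
   a freshly logged-in user to another host. :)
declare function local:safe-return-to($target as xs:string?) as xs:string
{
  if (fn:exists($target)
      and fn:matches($target, "^/[^/\\]")
      and fn:not(fn:matches($target, "[\r\n]"))
      and fn:not(fn:starts-with($target, $LOGIN-PATH)))
  then $target
  else "/"
};

(: The form always posts; credentials never travel in the query string. :)
declare function local:login-form(
  $return-to as xs:string, $failed as xs:boolean) as element(form)
{
  <form method="post" action="{$LOGIN-PATH}">
    { if ($failed) then <p class="error">Login failed.</p> else () }
    <input type="hidden" name="return-to" value="{$return-to}"/>
    <input type="text" name="username"/>
    <input type="password" name="password"/>
    <input type="submit" value="Log in"/>
  </form>
};

let $return-to := local:safe-return-to(xdmp:get-request-field("return-to"))
return
  if (xdmp:get-request-protocol() ne "https") then (
    (: Refuse to show or process the form on a cleartext connection. :)
    xdmp:set-response-code(403, "TLS required"),
    "Login is only available over HTTPS."
  )
  else if (xdmp:get-request-method() eq "POST"
           and xdmp:login(xdmp:get-request-field("username", ""),
                          xdmp:get-request-field("password", "")))
  then xdmp:redirect-response($return-to)
  else (
    (: GET shows the empty form; a failed POST shows it with an error. :)
    xdmp:set-response-content-type("text/html"),
    local:login-form($return-to, xdmp:get-request-method() eq "POST")
  )
```

The rewriter that protects non-public pages would send unauthenticated requests here with the originally requested URL in return-to, while letting /login itself through.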
