On Thu, Jan 2, 2014 at 11:49 AM, Joe Landman <[email protected]> wrote:
> There's Mojolicious::Plugin::Authentication as well :) >> > > Thats part of it ... I mean more of a plugin where you hand it a set of > pages for login, request an account, failed, etc... . > > Basically I am looking for something that would use M::P::A as part of it, > but make that whole process much simpler. I know about how to write good > logic for my apps, I don't want to have to worry about whether my login > workflow is correct ... > > I know it might seem trivial, but if you think about it, a good/correct > login process flow is an important part of security. If you code something > incorrectly, you can wind up letting the evil interwebs at your precious > data ... something I'd like to avoid. Its not that I can't hack through > this myself, its that there are some best practices for this. > > Something akin to MojoX::Auth::Simple (http://search.cpan.org/~ > kimhawtin/MojoX-Auth-Simple-0.04.03/lib/MojoX/Auth/Simple.pm), but as a > core part of the system. Convos::User shows part of what I am thinking of. My thought, similar to Joe, I think, is that the Mojo built-in Login would be a best practices method (like with CSRF and Validation) that grants security, at least from a prototyping perspective. Let someone develop an app without all the repetition of something so crucial, let it get big, and then let the developer swap out the Login to something more powerful. But at least the developer didn't have to start the prototyping phase with the annoying repetition of all of the steps of initializing Login. For example, have Mojo include the basic conditions, routes, and helpers that require the developer to simply dig right in and use them. use Mojolicious::Lite; get '/' => (auth => qr/%group|user/) => 'index'; app->start; And the authentication would be tied to a simple htpasswd style text file or something that could define users and passwords and have users in groups and groups in groups. -- You received this message because you are subscribed to the Google Groups "Mojolicious" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/mojolicious. For more options, visit https://groups.google.com/groups/opt_out.
