Hi all, As I mentioned before in this list, my co-worker Nando and me have been fiddling with "ruote-rest" since December. Now it's time for some contribution to the project :-)
Our main goal was to avoid storing passwords in plain text
(conf/authentication.yaml) - instead, all authentication info is
stored in "ruoterest_#{stage}" - The following tables are created:
USERS (inspired by ruote-web2)
HOSTS (IP whitelisting and ToD filter)
Passwords
---------------
So far, we've successfully implemented the following password storage schemes:
* {SSHA}
* {SMD5}
* {...} It's easily extensible
An 8-byte salt is included in the b64 passwd string (a la Netscape
Directory Server)
Hosts table:
----------------
attributes:
* 'ip': as for now, every host making requests to ruote-rest must be
stored in this table.
* 'trusted': 'false' or 'true' for whitelist inclussion, thus
disabling ToD and user/passwd checks.
* 'from' - 'to': Time of Day filter. Set a valid interval to use
ruote-rest or NULL.
For additional details and usage instructions, please see
"README.newauth" in the tgz and have a look at the code. I encourage
you all to give it a spin and send some feedback to the list.
The code works, and IMHO, it would make a nice addition to this great project.
More to come!
Kindest regards,
//Gonzalo
--~--~---------~--~----~------------~-------~--~----~
you received this message because you are subscribed to the "ruote users" group.
to post : send email to [email protected]
to unsubscribe : send email to [email protected]
more options : http://groups.google.com/group/openwferu-users?hl=en
-~----------~----~----~----~------~----~------~--~---
newauth.tar.gz
Description: GNU Zip compressed data
