On Sun, 2012-09-23 at 05:54 -0700, Florian Rüchel wrote:
> > How about a script that's part of the framework itself? We
> > have pserve,
> > pcreate... how about
> >
> > pkeygen [-w <filename>]
> >
> > or
> >
> > pyramid-keygen [-w <filename>]
>
> I like this idea very much. I would like to either get this usage
> approved or I would just build a simple function inside pyramid.
> However, such a function belongs more into an installation than into
> application code. Can you tell me how to build such a script that runs
> on both Windows and Linux? I would like to see it implemented in this
> way if Chris approves.

Who will use it and when would they use it?

> On a separate note: I have started on improving the documentation. As
> a first step, I have edited the `narr/authentication.rst` to include a
> note and have documented the API for
> `pyramid.authentication.AuthTktAuthenticationPolicy` (better
> documentation for secret, add documentation for hashalg). My question
> is now how would you handle this in regards to the documentation. I
> thought about adding this (or a similar) note everywhere this policy
> is used. This should raise the awareness everywhere the docs are read
> (e.g. tutorials). Furthermore, since we would clearly recommend to use
> something like SHA256 if MD5 is not explicitly needed, should we
> change the code examples to include a better hashalg (instead of just
> documenting it)? I would vote for a yes, since I don't see any
> disadvantage: If you build a new application, you should always use
> another algorithm and as shown above mod_auth_tkt can also easily
> handle other algorithms if configured correctly.

I didn't know we already had a mergeable patch for the hashalg stuff.
The last patch I saw seemed maybe a little overwrought. Until we figure
that out, I'd hold off on changing docs.

> I would like to hear some opinions on this matter before I start to
> make big changes and only end up reverting them because you don't like
> it. My first version can be found here:
> https://github.com/Javex/pyramid/commit/549db4b02cbff2c511eb026d3a5856b0b8fb3236
>
> I have also created a small `gensecret` function based on the ideas of
> Daniel and Domen (but with added Python3 compatibility):
> https://github.com/Javex/pyramid/commit/d4f2943fa50e34f682f8097dccee2ce3ef1e998e
> This function is not what I expect in the final version but it shows
> where I would like to go with this: Provide a function that makes it
> easier for a user to obtain a strong secret. Either we use it this way
> or the above mentioned separate script, that really doesn't matter.
>
> Please tell me your thoughts on both topics.

- C
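
One way the `pkeygen [-w <filename>]` script proposed in this thread could behave on both Windows and Linux, as an added example: it is not code from Pyramid or from the commits linked above. The function names, the 32-byte default and the refuse-to-overwrite behaviour are assumptions made here.

```python
"""Hypothetical `pkeygen [-w <filename>]`; illustration only, not part of Pyramid."""
import argparse
import os
import secrets
import sys


def gensecret(nbytes=32):
    """Return a hex string holding `nbytes` of entropy from the OS CSPRNG."""
    if nbytes < 16:
        raise ValueError("refusing to generate a secret shorter than 128 bits")
    return secrets.token_hex(nbytes)


def write_secret(path, secret):
    """Create `path` exclusively, readable by the owner only, and write the secret."""
    # O_EXCL makes creation fail if the path already exists, so an existing
    # secret is never silently replaced (that would invalidate issued tickets).
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    # Mode 0o600 applies on POSIX. On Windows the mode bits are mostly ignored
    # and the file inherits the directory ACL, so choose the directory with care.
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(secret + "\n")


def main(argv=None):
    parser = argparse.ArgumentParser(prog="pkeygen")
    parser.add_argument("-w", metavar="filename", dest="filename",
                        help="write the secret to this file instead of stdout")
    args = parser.parse_args(argv)
    secret = gensecret()
    if args.filename is None:
        print(secret)
        return 0
    try:
        write_secret(args.filename, secret)
    except FileExistsError:
        print("pkeygen: %s exists, not overwriting" % args.filename,
              file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```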