You forgot about the UI for the system admin. If you have (like I do) many little projects that need an auth system, Django's implementation of the automatic admin interface can save you some time (that you can spend doing something else).

On Jun 21, 4:40 pm, Eugueny Kontsevoy <[email protected]> wrote:
> The reason I picked Pylons is precisely because it's not polluted with
> all-size-fits-all solutions for trivial problems. Coding an authentication
> from scratch takes less than an hour: with "remember me" feature,
> bcrypt-based hashing, password recovery, etc. And you have to do it just
> once during your "Pylons career" and carry over from one app to another.
>
> Frameworks should concentrate on making mundane and repeating tasks easy or
> even abolish them altogether. User authentication isn't one of those tasks:
> it's done only once per project and every project may need it to be slightly
> different, hence it's neither mundane nor particularly repeating.
>
> What Pylons really needs is a solid replacement for FormEncode. The current
> situation calls for an incredible amount of boilerplate. Coming from a Rails
> background I despise the notion of form classes. There's gotta be a way for
> converting form input into neat dictionaries (and back) without adding
> another player (Form class) to MVC.
>
> Just my $0.02
> --
> Ev
>
> On Mon, Jun 21, 2010 at 5:34 AM, karantan <[email protected]> wrote:
> > Hi
> >
> > I have been developing in Pylons for about one year and a half, and since
> > then I have always wished that we had our own built-in auth system like
> > Django has. (I know this will not happen.)
> > With every project I wrote my own auth system (because I do not like
> > repoze - for simple projects it's overkill and for big projects you
> > cannot modify it easily), so I was wondering if you could tell me
> > where I should be careful about security holes.
> >
> > At login post (if success) I put user_id in the session and then I secure
> > every action with a decorator. That decorator checks if the user is
> > signed in (if there is a user_id in the session) and if that user has
> > permission for that action.
> >
> > Because of its simplicity I feel that it needs a bit of a security
> > touch. If you look at repoze.who&what or any other auth lib there is a
> > ton of code, so there has got to be a reason for that.
> >
> > best karantan

--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
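
The scheme described in the original post (user_id placed in the session at login, a decorator checking sign-in and permission on every action), as an added example that is not code from anyone in this thread. The session is a plain dict standing in for the framework session, and `USERS`, `AuthError`, `login`, `require` and `status_of` are hypothetical names; clearing the session at login and re-checking the account on each request are assumptions about how such a decorator would be tightened.

```python
import functools

# Constructed sample data: user_id -> account state and granted permissions.
USERS = {
    1: {"active": True, "permissions": {"view_report"}},
    2: {"active": False, "permissions": {"view_report", "edit_user"}},
}

class AuthError(Exception):
    # Stands in for an HTTP 401/403 response so the example is framework-free.
    def __init__(self, status):
        super().__init__(status)
        self.status = status

def login(session, user_id):
    # Discard whatever was stored before authentication (assumption: dict-like session).
    session.clear()
    session["user_id"] = user_id

def require(permission):
    """Decorator: allow the action only for a signed-in, active user holding `permission`."""
    def decorator(action):
        @functools.wraps(action)
        def wrapper(session, *args, **kwargs):
            # Look the account up on every call: a user_id left in the session
            # does not prove the account still exists or is still enabled.
            user = USERS.get(session.get("user_id"))
            if user is None or not user["active"]:
                raise AuthError(401)   # not signed in, unknown or disabled
            if permission not in user["permissions"]:
                raise AuthError(403)   # signed in, but not allowed
            return action(session, *args, **kwargs)
        return wrapper
    return decorator

@require("view_report")
def view_report(session):
    return "report for user %d" % session["user_id"]

@require("edit_user")
def edit_user(session):
    return "user edited"

def status_of(action, session):
    # Helper for the example: map the outcome of an action to a status code.
    try:
        action(session)
        return 200
    except AuthError as exc:
        return exc.status
```
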
