[Repoze-dev] JavaScript Hash for Login

2009-05-12 Thread Paul Johnston
Hi, I am going to have a go at adding a new authentication method to repoze.who. It's like the standard forms authentication, but uses JavaScript hashing to protect the password as it is transmitted. There's information about the scripts here, explaining how the system works, how it avoids

Re: [Repoze-dev] JavaScript Hash for Login

2009-05-12 Thread Malthe Borch
2009/5/12 Paul Johnston p...@pajhome.org.uk: I am going to have a go at adding a new authentication method to repoze.who. It's like the standard forms authentication, but uses JavaScript hashing to protect the password as it is transmitted. Excellent; there's been talking on this list

Re: [Repoze-dev] [Repoze-checkins] r4659 - repoze.zope2/trunk/repoze/zope2

2009-05-12 Thread Tres Seaver
Hanno Schlichting wrote: Removed _filterPasswordFields hack, preventing keys with the exact key 'passw' to be filtered out in one place is just obscurity. But you didn't de-obfuscate it, you ripped it out. Now, the response view shows

Re: [Repoze-dev] [Repoze-checkins] r4659 - repoze.zope2/trunk/repoze/zope2

2009-05-12 Thread Malthe Borch
2009/5/12 Tres Seaver tsea...@palladion.com: The server side wouldn't know that:  the presence of such a field in the request is completely independent of any form (e.g., cookies passed long after logging in). I understand the issue, but shouldn't the remedy be to avoid ever displaying request

Re: [Repoze-dev] repoze.zope2 - what's up on trunk

2009-05-12 Thread Hanno Schlichting
Chris McDonough wrote: I think this package is becoming less repoze.zope2 than some other more experimental system. Which is fine. But there's no way I'm going to be able to give people help with it on IRC or the maillist when it breaks because they're using an API that we removed. I

Re: [Repoze-dev] repoze.zope2 - what's up on trunk

2009-05-12 Thread Malthe Borch
2009/5/12 Chris McDonough chr...@plope.com: If we ever do release an 80%-compatible publisher replacement, we should call it something other than repoze.zope2. I doubt if we're really talking 80% though; if as Hanno suggests, it'll run CMF, Plone and what other popular Zope 2 apps/libraries,

Re: [Repoze-dev] repoze.zope2 - what's up on trunk

2009-05-12 Thread Reed O'Brien
On May 12, 2009, at 12:17 PM, Chris McDonough wrote: On 5/12/09 12:00 PM, Malthe Borch wrote: 2009/5/12 Chris McDonough chr...@plope.com: If we ever do release an 80%-compatible publisher replacement, we should call it something other than repoze.zope2. I doubt if we're really talking

Re: [Repoze-dev] repoze.zope2 - what's up on trunk

2009-05-12 Thread Malthe Borch
2009/5/12 Andrew Sawyers and...@sawdog.com: Just an FYI from a (large) consumer of the repoze.zope2 package. This kind of change causes expensive test iterations. We're currently going through one now...as a result of choosing to move over to repoze.zope2 and friends. We would like to

[Repoze-dev] [issue77] repoze.who metadata plugin is called on every request

2009-05-12 Thread Forest
New submission from Forest list8a.for...@tibit.com: My testing shows that a meta-data provider plugin is called on every request. This is horribly inefficient for meta-data that is expensive to fetch, such as any that lives in a database. I would expect it to be fetched once when the user is

[Repoze-dev] JS Hashing - Initial Thoughts

2009-05-12 Thread Paul Johnston
Hi, Ok, I've had a little look at how I could implement the JavaScript hash login. I'll create a HashFormPlugin that is a challenger and an identifier. As for the Authenticator, maybe I'll create a new SQLHashAuthenticatorPlugin, or maybe I'll just provide a default_hash_compare function to pass