Dear Jonathan,
Thanks for the reply. You said ... shouldn't be necessary to use the same
(or no) salt on different installations for passwords to work correctly ...
That set me to make an experimental app, to test the passwords, pwt.
Here are my notes from that experiment which compares pwt
On 12 Dec 2012, at 9:29 AM, JoeCodeswell joecodesw...@gmail.com wrote:
Dear Massimo,
When i tried to
db.auth_user.password.validators[0].salt = False
Here's what happened.
Try this instead: change CRYPT() to CRYPT(salt=False)
--
Jonathan said: Try this instead: change CRYPT() to CRYPT(salt=False)
Thanks, Jonathan. I think this is what you mean. Here's what happened.
Windows Try
---
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\joecd C:\web2py
On 12 Dec 2012, at 10:00 AM, JoeCodeswell joecodesw...@gmail.com wrote:
Jonathan said: Try this instead: change CRYPT() to CRYPT(salt=False)
Thanks, Jonathan. I think this is what you mean. Here's what happened.
Windows Try
More like this:
In [10]:
On 12 Dec 2012, at 10:30 AM, JoeCodeswell joecodesw...@gmail.com wrote:
Dear Massimo and Jonathan,
In my last post i said I'm still not sure how to change my app instances,
however.
I thought about it a little bit and my guess is that i should add
db.auth_user.password.requires[0].salt
On 12 Dec 2012, at 11:31 AM, JoeCodeswell joecodesw...@gmail.com wrote:
Thanks, Jonathan. Thanks, Massimo.
Web2py is a GREAT community.
Before we close this thread, I'd like to revisit the reason you were having
trouble in the first place. It shouldn't be necessary to use the same (or no)
Dear Massimo,
Thanks for the reply.
I just did a diff between the webfaction private/auth.key file and the
localWindowsMachine private/auth.key file.
RESULT: *Files Match*.
History::
*Local Windows Machine*
In response to Niphlod's BTW3 suggestion, which he made on Dec 6 in this
thread, to
Can you try do this on both machines?
$ python web2py.py -S yourappname -M
print db.auth_user.password.validate('dummy')[0]
Do you get the same output? What are the two python version? 32bits or
64bits?
Massimo
On Tuesday, 11 December 2012 11:01:54 UTC-6, JoeCodeswell wrote:
Dear Massimo,
On 11 Dec 2012, at 4:05 PM, JoeCodeswell joecodesw...@gmail.com wrote:
Dear Massimo,
Here's the answers.
Can you try do this on both machines?
webfaction
$ python web2py.py -S myappNotReally -M
web2py Web Framework
Created by Massimo Di Pierro, Copyright 2007-2012
Version 2.2.1
Jonathan is right.
I forgot to ask you also set
db.auth_user.password.validators[0].salt = False
I am trying to find out if (for the same salt or no salt) you get the same
hash. I suspect not.
On Tuesday, 11 December 2012 18:30:46 UTC-6, Jonathan Lundell wrote:
On 11 Dec 2012, at 4:05 PM,
Thanks for the response, Massimo.
I have the auth.key. However, I am a bit concerned about publishing it here
since I have potential clients that are looking at myapp on webfaction
right now. I am concerned about what i have already published. What do you
suggest I do?
Thanks in advance.
You should not publish your key.
What I am saying is that as online as your key is the same used to create
the hashes, the CRYPT validators should do the right job.
If you want your dev app and production to share data, they must share the
same key.
Another option is not using the key at
Hi Niphlod,
Here is my report on your suggestion:
BTW3: to pass around an app just log into admin and hit create package
(or tar.gz the entire applications/myapp folder and load it locally with
upload package)
On webfaction-web2py-admin:
for myapp clicked the Pack all button
Thanks Joe...
1. can we see how auth is istantiated in your app ?
2. can you pass us the database (or just one of the auth_user records along
with the unencrypted password)
With those, we could easily reproduce the behaviour (i.e. trying to login
in the app with the password with exactly your
Dear web2py folks,
I also have a local ubuntu machine. I used the same Upload and install
packed application technique as i did for my local windows machine. When i
tried to login using 2 of the users that WORK on webfaction myLocalUbuntu
machine also FAILED each time - returning to the login
Sure, Niphlod. I didn't see your post before i posted my comment about my
local ubuntu machine which seems to behave like my local windows machine.
1. can we see how auth is istantiated in your app ?
In db.py
from gluon.tools import Auth, Crud, Service, PluginManager, prettydate
auth = Auth(db,
The fact is that
CRYPT()('NewFish04pw')==pbkdf2(1000,20,sha512)$a94f2bd3a071cfa8$69e71be8683802edbb83dfc2cb97dfea97ab76c0
False
because the stored hashed password depends on the salt but also on the key
stores in private/auth.key and I do not know what that is.
On Saturday, 8 December 2012
By the way, I was just thinking about a work around for my problem when i
decided to do a DIFF between the webfaction controllers/appadmin.py file
and the one on windows. THEY ARE DIFFERENT. I did not expect that.
Here is a link to the 2 files, appadmin.py.windows, appadmin.py.linux for
appadmin.py ships with the application, so if you really copied the
controllers folder you'd have the same file.
BTW, pbkdf2 was introduced ~2 months ago.
BTW2: if you copied an app that used the sha512 algo an tried to load it
into a *newer* web2py release, as soon as the user entered the
Dear Niphlod,
Thanks for the reply.
appadmin.py ships with the application, so if you really copied the
controllers folder you'd have the same file.
Of course you are right. I only copied the files i [thought i] had changed.
That's why i was surprised to find that
appadmin.py.windows
20 matches
Mail list logo