Noah Kantrowitz wrote: > On Apr 7, 2009, at 8:44 AM, John Hampton wrote: > >> Noah Kantrowitz wrote: >>> If they have no password backend configured, not form-based auth. No >>> need for extra options. >> ATM, it uses the SessionStore backend as a default. One need not >> configure anything to have it work. >> >> I suppose that we could have initenv set this default (along with >> prompting for a TRAC_ADMIN username and password). > > Thats a very bad default. It anything it should be using htpasswd as a > default. SessionStore is an optimization only for the largest of sites > where updating the password file becomes a concurrency issue. No one > else should ever use it, period. I would make it use htpasswd (with > conf/passwd as the file) at initenv, and then make it so if you blank > the config value for the backend it disables the form.
You're smoking crack Noah! htpasswd files suck. Period. SessionStore is not just an optimization for large sites only. It's for anyone that doesn't want to bother with an additional password file. It's also nice for platforms that don't have crypt (*cough* windows *cough*), or have a really crappy command line (*cough* windows *cough*). I stand by my decision of using SessionStore as the default password store. I'll change it so that it only gets set at initenv and if left blank then form auth is not used as a fall back. Re: using htpasswd file, I think it's a horrible idea as a default. Most people don't want to have to deal with it. Using the SessionStore keeps all user related things in the database. This is how most other systems work and what, I think, most people expect. I'd like to hear the opinion of others on this point. SessionStore or htpasswd file as the default password store for new environments -John --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Development" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/trac-dev?hl=en -~----------~----~----~----~------~----~------~--~---
