In r6204 I applied a not so drastic solution: http://trac.turbogears.org/changeset/6204
But again I think it'd be better if we removed the ability to select the hashing algorithm, mostly to make the template a bit simpler. Can I go for that? Cheers. On Thursday January 29, 2009 17:38:14 Jorge Vargas wrote: > On Wed, Jan 28, 2009 at 5:08 PM, Florent Aide <[email protected]> wrote: > > On Wed, Jan 28, 2009 at 7:34 PM, Jorge Vargas <[email protected]> wrote: > >> to be clear, that's my point why will that won't work? why will I need > >> to load tg in order to use a console script? can't we just inline that > >> in the model where it should be? Just as Gustavo said simply add the 3 > >> lines to the model with the sha1 and md5 commented out and the > >> salted_sha1 un-commented. That will let everyone default to the most > >> secure algorith, yet still allow you to go back to the less-secure > >> ones in case you need to (for example old already hashed passwords) > > > > why not... this is in the quickstarted app and anyone willing to lower > > his security (or improve it by using some difference method) could do > > it easily... and this would remove quite some problems... I'm > > convinced... > > > > +1 for Gustavo's proposal > > ok I'll make a ticket + patch. > > -- Gustavo Narea <http://gustavonarea.net/>. Get rid of unethical constraints! Get freedomware: http://www.getgnulinux.org/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/turbogears-trunk?hl=en -~----------~----~----~----~------~----~------~--~---
