On Wed, Nov 9, 2011 at 8:56 AM, Taras <ox...@oxdef.info> wrote:
> Andres,
>
> I have updated the base plugin and added comments and head.
> Is everything ok now?

Looks good now! Are you guys going to be adding more plugins?

> 24.10.2011 18:08, Taras wrote:
>>>>>>
>>>>>> I have just committed a generic auth plugin [0].
>>>>>> It can be used in most cases with simple auth form
>>>>>> (username/password).
>>>>>> Will be glad to read feedback from you!
>>>>>
>>>>>      I think that the auth plugins are going to give lots of power to
>>>>> the advanced users, they look very clean and I hope users will dig the
>>>>> idea. Here are some comments about the code:
>>>>>
>>>>>          * "except Exception, e:" , I would recommend doing a more
>>>>> specific error handling if possible.
>>>>
>>>> In general I agree with this point of view. But it is a *generic* plugin
>>>> and in it we don't know about such things as "Incorrect password" or
>>>> something like this. So we can only tell the user that this generic
>>>> plugin can't log in? What other information can we give?
>>>
>>>      Not sure :)
>>
>> Hmm, what is your suggestion? It is no problem to add more specific
>> error handling if we can/need it.
>>
>>>>>          * o5 = option('auth_url', self.auth_url, d5, 'string') and o6,
>>>>> I think that you can change 'string' with 'url', and you'll get better
>>>>> error handling
>>>>>          * "This auth plugin can logging in to generic-passport" , help
>>>>> is too short, I would expand that A LOT in order to explain what the
>>>>> plugin does and how it does it.
>>>>
>>>> Agree with these two things and will fix it.
>>>
>>> Great!
>>>
>>>>>          * Header is missing
>>>>
>>>> What header?
>>>
>>> File header with the copyright, GPL, etc.
>>
>> Aaa, agree and will add it.
>>
>>>
>>>>>      And how is this plugin used? When is login() / is_logged() /
>>>>> logout() called?
>>>>
>>>> Hmmm, I can describe it on our wiki?
>>>
>>> That's an option, but I would also like to see this documented
>>> somewhere in the base class.
>>
>> Ok, I will add it also to the base class.
>>
>>
>>>
>>>>>
>>>>>> [0]
>>>>>>
>>>>>> https://w3af.svn.sourceforge.net/svnroot/w3af/branches/auth-plugins/plugins/auth/generic.py
>>>>>> [1]
>>>>>>
>>>>>> https://w3af.svn.sourceforge.net/svnroot/w3af/branches/auth-plugins/scripts/script-auth_generic.w3af
>>>>>>
>>>>>> --
>>>>>> Taras
>>>>>>
>>>>
>>>>
>>>> --
>>>> Taras
>>>>
>>>
>>>
>>>
>>
>>
>
>
> --
> Taras
> http://oxdef.info
>



-- 
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
