I read chapter 8 of the web2py manual and some posts on authentication to get started (again) implementing a cms.

I read about MD5 and SHA-512, and understand I have to provide a secret key for this setting:

    auth.settings.hmac_key='<your secret key>'

Does this key have a specific format, e.g. 448a98e0-00fd-46b2-ac4f-a14d2315b189? Or can I use any key? At the moment I am working in web2py 1.76.5. Does this version already use hmac + sha-512?

Furthermore, I would like to customize the auth_user table. In the manual the proper way to define a user table is:

    auth_table = db.define_table(auth.settings.table_user_name,
        Field('first_name', length=128, default=''),
        Field('last_name', length=128, default=''),
        Field('email', length=128, default='', unique=True),
        Field('password', 'password', length=256, readable=False,
              label='Password'),
        Field('registration_key', length=128, default='',
              writable=False, readable=False))

    auth_table.first_name.requires = IS_NOT_EMPTY(error_message=auth.messages.is_empty)
    auth_table.last_name.requires = IS_NOT_EMPTY(error_message=auth.messages.is_empty)
    auth_table.password.requires = [IS_STRONG(), CRYPT()]
    auth_table.email.requires = [IS_EMAIL(error_message=auth.messages.invalid_email),
                                 IS_NOT_IN_DB(db, auth_table.email)]
    auth.settings.table_user = auth_table

In a workgroup post of 8 February I read this definition:

    auth.settings.table_user = db.define_table('auth_user',
        Field('first_name', length=512, default=''),
        Field('last_name', length=512, default=''),
        Field('email', length=512, default='',
              requires=[IS_EMAIL(), IS_NOT_IN_DB(db, 'auth_user.email')]),
        Field('password', 'password', readable=False, label='Password',
              requires=CRYPT(auth.settings.hmac_key)),
        Field('registration_key', length=512, writable=False,
              readable=False, default=''),
        Field('reset_password_key', length=512, writable=False,
              readable=False, default=''))

What is the reset_password_key for? I guess I'd better use the latter table definition. Don't I need any validators?

Kind regards,

Annet.
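
On the key-format question, an added example (not part of the original post and not web2py's own code): HMAC as a construction accepts any byte string as its key, so a UUID-style string is one option among many. The sketch uses only Python's standard library to show HMAC-SHA-512 in general; it does not reproduce what CRYPT does internally, and the helper names and sample values are hypothetical.

```python
import hashlib
import hmac
import uuid


def keyed_hash(password: str, key: str) -> str:
    """Return HMAC-SHA-512 of the password under `key` as 128 hex characters."""
    return hmac.new(key.encode("utf-8"), password.encode("utf-8"),
                    hashlib.sha512).hexdigest()


def verify(password: str, key: str, stored: str) -> bool:
    """Recompute the keyed hash and compare it to the stored value in constant time."""
    return hmac.compare_digest(keyed_hash(password, key), stored)


def demo() -> dict:
    # Constructed sample keys: one UUID-formatted, one free-form string.
    uuid_key = str(uuid.uuid4())
    phrase_key = "any sufficiently long random string works as well"
    password = "Sample-Passw0rd!"  # constructed sample value

    # What would be stored in the password column for this user.
    stored = keyed_hash(password, uuid_key)

    return {
        # 128 hex characters, so it fits a length=256 password field.
        "digest_len": len(stored),
        # Correct password, same key: verification succeeds.
        "same_key_ok": verify(password, uuid_key, stored),
        # Wrong password, same key: verification fails.
        "wrong_password_ok": verify("not-the-password", uuid_key, stored),
        # Correct password, different key: verification also fails.
        "other_key_ok": verify(password, phrase_key, stored),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The last case is the operational point: hashes stored under one key no longer verify once the key changes, so the key has to stay fixed and private after users have registered.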