On Dec 4, 2010, at 10:29 AM, Brian M wrote:
> 
> Jonathan,
> 
> How would you like to see this behave? Perhaps URL('index',args=[],
> vars={}, hash_key='xxx', hash=['args','vars']) and then
> URL.verify(hmac_key='xxx', hash=['args', 'vars']) so that you could
> choose which portions of the URL to sign and/or verify with hash=None
> triggering the original behavior of hashing both? Since this hasn't
> made it into a stable release yet I assume changes can be made still
> without worrying about breaking backwards compatibility.

That would work. I'm not sure if it needs to be that general; is there a use 
case for hashing vars but not args? If not, then a boolean would be adequate 
(hash_vars=True by default; the caller sets it False if desired).

Another generalization would be to pass a set of var keys to be included in the 
hash: hash_vars=set(['name1', 'name2']). The use case would be a form, again (or 
Ajax, perhaps), where the included vars would be page state kept in hidden or 
read-only elements of the form.

So:     hash_vars=True  (default; hash all vars)
        hash_vars=False (don't hash any vars)
        hash_vars=set(...)      (hash only the vars named in the set)

The set needn't be a set per se, I suppose. Any iterable (well, not a string) 
would suffice.

> 
> ~Brian
> 
> On Dec 3, 11:13 am, Jonathan Lundell <jlund...@pobox.com> wrote:
>> On Dec 3, 2010, at 9:01 AM, mdipierro wrote:
>> 
>> 
>> 
>>> New feature in trunk:
>> 
>>> URL('index',args=[],vars={},hash_key='xxx')
>> 
>>> the URL will have a _signature attached. The associated controller can
>>> check for the signature with
>> 
>>> def index():
>>>     if not URL.verify(hmac_key='xxx'): ......
>>>     ...
>> 
>>> Please test it. In particular we need to test the workflow and see if
>>> we are missing something useful or doing something wrong.
>> 
>> Perhaps there should be an option to exclude the query string from the hash 
>> calculation. Otherwise we can't sign URLs that are form actions (or that are 
>> similarly used with Ajax).
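
The three `hash_vars` modes proposed in this thread, sketched as an added example (not web2py's implementation and not code posted by anyone in the thread). The names `sign_url` and `verify_url`, the use of HMAC-SHA256, and treating args as part of the path are assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlencode, urlsplit, parse_qsl

def _message(path, query_vars, hash_vars):
    """Build the byte string covered by the HMAC.
    hash_vars: True = all vars, False = no vars, iterable = only the named vars."""
    if hash_vars is True:
        keys = set(query_vars)
    elif hash_vars is False:
        keys = set()
    elif isinstance(hash_vars, str):
        # A bare string would silently be split into single characters.
        raise TypeError("hash_vars must be a bool or a non-string iterable")
    else:
        keys = set(hash_vars)
    # Sort so the signature does not depend on query-string order.
    signed = sorted((k, v) for k, v in query_vars.items() if k in keys)
    return (path + "?" + urlencode(signed)).encode()

def _sig(key, path, query_vars, hash_vars):
    msg = _message(path, query_vars, hash_vars)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign_url(path, query_vars, key, hash_vars=True):
    """Return path?vars with a _signature var appended (hypothetical helper)."""
    signature = _sig(key, path, query_vars, hash_vars)
    return path + "?" + urlencode(dict(query_vars, _signature=signature))

def verify_url(url, key, hash_vars=True):
    """Recompute the HMAC. hash_vars is chosen by the controller and is never
    read from the request, otherwise the client could pick what is covered."""
    parts = urlsplit(url)
    query_vars = dict(parse_qsl(parts.query, keep_blank_values=True))
    given = query_vars.pop("_signature", "")
    expected = _sig(key, parts.path, query_vars, hash_vars)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(given.encode(), expected.encode())

if __name__ == "__main__":
    KEY = b"xxx"  # constructed sample key
    # Form action: 'record' is signed page state, 'comment' is user input.
    url = sign_url("/app/default/edit/42", {"record": "42", "comment": ""},
                   KEY, hash_vars=["record"])
    print(verify_url(url.replace("comment=", "comment=hello"), KEY, ["record"]))
    print(verify_url(url.replace("record=42", "record=43"), KEY, ["record"]))
```

A signed var that is removed from the request changes the signed message as well, so dropping `record` fails verification just as editing it does.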

