OK, so make it so that if desired some subset of the URL vars could be
signed while still allowing other vars to be changed. That is
certainly doable and would be nice for securing only the important
parts.

Are you assuming that *all* the args *always* get hashed though - that
seems reasonable to me anyway since a form or ajax call shouldn't need
to manipulate them right?

If this sounds like a better implementation to you Jonathan (and
anyone else) then I can look at getting a patch to Massimo.

~Brian

On Dec 4, 1:07 pm, Jonathan Lundell <jlund...@pobox.com> wrote:
> On Dec 4, 2010, at 10:29 AM, Brian M wrote:
>
> > Jonathan,
>
> > How would you like to see this behave? Perhaps URL('index',args=[],
> > vars={}, hash_key='xxx', hash=['args','vars']) and then
> > URL.verify(hmac_key='xxx', hash=['args', 'vars']) so that you could
> > choose which portions of the URL to sign and/or verify with hash=None
> > triggering the original behavior of hashing both? Since this hasn't
> > made it into a stable release yet I assume changes can be made still
> > without worrying about breaking backwards compatibility.
>
> That would work. I'm not sure if it needs to be that general; is there a use 
> case for hashing vars but not args? If not, then a boolean would be adequate 
> (hash_vars=True by default; the caller sets it False if desired).
>
> Another generalization would be to pass a set of var keys to be included in 
> the hash: hash_vars=set(['name1', 'name2']). The use case would be a form, 
> again (or Ajax, perhaps), where the included vars would be page state kept in 
> hidden or read-only elements of the form.
>
> So:     hash_vars=True  (default; hash all vars)
>         hash_vars=False (don't hash any vars)
>         hash_vars=set(...)      (hash only the vars named in the set)
>
> The set needn't be a set per se, I suppose. Any iterable (well, not a string) 
> would suffice.
>
> > ~Brian
>
> > On Dec 3, 11:13 am, Jonathan Lundell <jlund...@pobox.com> wrote:
> >> On Dec 3, 2010, at 9:01 AM, mdipierro wrote:
>
> >>> New feature in trunk:
>
> >>> URL('index',args=[],vars={},hash_key='xxx')
>
> >>> the URL will have a _signature attached. The associated controller can
> >>> check for the signature with
>
> >>> def index():
> >>>     if not URL.verify(hmac_key='xxx'): ......
> >>>     ...
>
> >>> Please test it. In particular we need to test the workflow and see if
> >>> we are missing something useful or doing something wrong.
>
> >> Perhaps there should be an option to exclude the query string from the 
> >> hash calculation. Otherwise we can't sign URLs that are form actions (or 
> >> that are similarly used with Ajax).
