> does web2py have a standard AES api? i would like to (symmetrically) > encrypt the stored motp pin and motp secret. Or is it better i just > use a external python library?
There is a CRYPT helper object of web2py that can be instanitated with different options. It is used for standard authentication. (I am not sure if if can be of use for AES) http://web2py.com/examples/static/epydoc/web2py.gluon.validators.CRYPT-class.html > - as of now the user database and user field is hard-coded to use > auth_user table and email field respectively. How can i make this > variable? (so a user can pass some other database table or field) Maybe you could make custom Auth forms and let the use choose the input sources. You could also call extra authentication object methods to pre-define options in the model. For this purpose, a paralell object available at the model should store the extra settings. > - is there any way to prevent web2py from storing the password in the > DB after a successful alternate login. One you authenticate with motp. > the motp password gets stored in the db. OTP means having an ever > changing password. The model's auth standard instance hast special settings for handling on-authentication events. It should be possible to catch on-login events and return without storing data.
