I think a good approach is to have safer, more secure defaults, and
if users explicitly turn those off then have relevant warnings on by
default, and if users really know what they're doing then they can
explicitly turn those off.

For example, users can have an explicit
no_warnings_plaintext_password or some such where warnings are
turned on by default and off explicitly.

Generally speaking, those who know enough to handle less safe things
also know enough to ask the system to let them do those things.
People who don't know well enough for one aren't likely at the same
time to know to ask the system for help in pointing out unsafe
behaviour, so they're in trouble if unsafe is the default. For
people who do know things, having safe defaults is still good for
working together with their desire to be lazy.

Those who know enough to handle less safe things shouldn't be afraid
to use the 'standard' auth configuration, though, wouldn't you think?
You can get clear passwords with no warnings by dropping SimpleDB for
configuration purposes and using a 'standard' auth config that looks
like this:

    MyApp->config('Plugin::Authentication' => {
        default => {
            credential => {
                class         => 'Password',
                # stored password is compared as-is, with no hashing
                password_type => 'clear'
            },
            store => {
                class                     => 'DBIx::Class',
                role_relation             => 'roles',
                role_field                => 'role',
                use_userdata_from_session => '1',
                user_model                => $user_model_from_simpledb_config
            }
        }
    });

So - why add it to the SimpleDB?
Jay
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
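
The warn-by-default, opt-out-explicitly behaviour discussed in this thread, sketched as an added example; it is not code from the thread, from Catalyst, or from SimpleDB. The helper name, the placement of the no_warnings_plaintext_password flag at realm level, and the DB::User model name are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical helper: returns one warning string per realm whose credential
# uses password_type 'clear', unless that realm sets the explicit opt-out
# flag proposed in the thread (assumed here to live at realm level).
sub plaintext_password_warnings {
    my ($auth_config) = @_;
    my @warnings;
    for my $realm (sort keys %$auth_config) {
        my $cfg = $auth_config->{$realm};
        next unless ref($cfg) eq 'HASH';    # skip scalar keys such as default_realm
        my $cred = $cfg->{credential} or next;
        my $type = $cred->{password_type} // '';
        next unless $type eq 'clear';
        next if $cfg->{no_warnings_plaintext_password};    # explicit opt-out
        push @warnings,
            "realm '$realm': password_type is 'clear'; set "
          . "no_warnings_plaintext_password => 1 to silence this warning";
    }
    return @warnings;
}

# Constructed sample configs in the shape of the config shown in the message.
my %noisy = (
    default_realm => 'default',
    default       => {
        credential => { class => 'Password', password_type => 'clear' },
        store      => { class => 'DBIx::Class', user_model => 'DB::User' },
    },
);
my %silenced = (
    default => {
        %{ $noisy{default} },
        no_warnings_plaintext_password => 1,
    },
);

# Opt-out absent: the unsafe setting is reported at startup.
warn "$_\n" for plaintext_password_warnings(\%noisy);
# Opt-out set: the user has said they know what they are doing.
warn "$_\n" for plaintext_password_warnings(\%silenced);
```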