On Mon, Oct 27, 2008 at 11:57:00PM -0600, Jason Kuri wrote: > You can get clear passwords with no warnings by dropping SimpleDB for > configuration purposes and using a 'standard' auth config that looks > like this:
Which hides the badness. Frankly I'd like to see -all- of authentication warn on cleartext passwords unless you add some (preferably long) config option like "insecure_password_storage_ok". The best thing about this is it makes it obvious to a -maintainer- that their predecessor did this. Remember that the person who benefits from seeing that that option has been turned on may not be the person who originally turned it on. -- Matt S Trout Need help with your Catalyst or DBIx::Class project? Technical Director http://www.shadowcat.co.uk/catalyst/ Shadowcat Systems Ltd. Want a managed development or deployment platform? http://chainsawblues.vox.com/ http://www.shadowcat.co.uk/servers/ _______________________________________________ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/