On Mon, Oct 27, 2008 at 11:57:00PM -0600, Jason Kuri wrote:
> You can get clear passwords with no warnings by dropping SimpleDB for
> configuration purposes and using a 'standard' auth config that looks
> like this:
Which hides the badness.
Frankly I'd like to see -all- of authentication warn on cleartext passwords
unless you add some (preferably long) config option like
"insecure_password_storage_ok". The best thing about this is it makes it
obvious to a -maintainer- that their predecessor did this.
Remember that the person who benefits from seeing that that option has
been turned on may not be the person who originally turned it on.
--
Matt S Trout Need help with your Catalyst or DBIx::Class project?
Technical Director http://www.shadowcat.co.uk/catalyst/
Shadowcat Systems Ltd. Want a managed development or deployment platform?
http://chainsawblues.vox.com/ http://www.shadowcat.co.uk/servers/
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
