On Mon, Oct 27, 2008 at 11:57:00PM -0600, Jason Kuri wrote:
> You can get clear passwords with no warnings by dropping SimpleDB for
> configuration purposes and using a 'standard' auth config that looks
> like this:
Which hides the badness.
Frankly I'd like to see -all- of authentication warn on
* On Mon, Oct 27 2008, Thomas L. Shinnick wrote:
> If I explicitly override the default, by explicitly requesting 'clear',
> because my requirements explicitly need this ability, then I must change the
> code to get rid of the warning? Ahh, but it's for the 'simple', who must be
> guided, and c
From: "Simon Wilcox" <[EMAIL PROTECTED]>
> Matt S Trout wrote:
>> On Mon, Oct 27, 2008 at 03:51:49PM -0700, Darren Duncan wrote:
>>> Zbigniew Lukasiak wrote:
* Your passwords are stored in the 'password' field in your users
table and are not encrypted.
>>> This is always a bad idea. I
Matt S Trout wrote:
On Mon, Oct 27, 2008 at 03:51:49PM -0700, Darren Duncan wrote:
Zbigniew Lukasiak wrote:
* Your passwords are stored in the 'password' field in your users
table and are not encrypted.
This is always a bad idea. If someone ever gets direct database access,
they now know e
I think a good approach is to have safer more secure defaults, and
if users explicitly turn those off then have relevant warnings on by
default, and if users really know what they're doing then they can
explicitly turn those off.
For example, users can have an explicit
no_warnings_plaintext_pas
Jason Kuri wrote:
If I explicitly override the default, by explicitly requesting
'clear', because my requirements explicitly need this ability, then
I must change the code to get rid of the warning? Ahh, but it's for
the 'simple', who must be guided, and can't be bothered to read the
warnings in
If I explicitly override the default, by explicitly requesting
'clear', because my requirements explicitly need this ability, then
I must change the code to get rid of the warning? Ahh, but it's for
the 'simple', who must be guided, and can't be bothered to read the
warnings in the text so bonk'e
At 07:13 PM 10/27/2008, Jason Kuri wrote:
I made the default 'clear', as the tutorial uses 'clear' and it is the
least likely to cause failure of auth for those just coming to
catalyst / going through the tutorials. The password_type config
option allows changing it to something more reasonable
I made the default 'clear', as the tutorial uses 'clear' and it is the
least likely to cause failure of auth for those just coming to
catalyst / going through the tutorials. The password_type config
option allows changing it to something more reasonable for production
use.
Matt and I discussed a
On Mon, Oct 27, 2008 at 02:24:14PM +0100, Zbigniew Lukasiak wrote:
> Another question - have you thought about using
> http://search.cpan.org/~groditi/DBIx-Class-EncodedColumn-0.2/lib/DBIx/Class/EncodedColumn.pm
> (or the older DigestColumn) to simplify the interface?
You can pass 'self_check'
On Mon, Oct 27, 2008 at 03:51:49PM -0700, Darren Duncan wrote:
> Zbigniew Lukasiak wrote:
> >* Your passwords are stored in the 'password' field in your users
> >table and are not encrypted.
>
> This is always a bad idea. If someone ever gets direct database access,
> they now know each user
Zbigniew Lukasiak wrote:
* Your passwords are stored in the 'password' field in your users
table and are not encrypted.
This is always a bad idea. If someone ever gets direct database access, they
now know each user's mindset as to how they choose passwords, and can
subsequently login to
Hi Zbigniew,
You are correct. I made some last-minute changes to the config
options and neglected to update the doc. Shame on me.
A 0.1081 is on its way to CPAN.
You need to specify the model name that represents a user. The config
field is 'user_model' (was user_class.)
And re: EncodedCo
Hi,
I've looked at the documentation:
The SimpleDB Realm class configures the Catalyst authentication system
based on the following:
* Your user data is stored in a table that is accessible via
$c->model('User');
* Your passwords are stored in the 'password' field in your users
table and
Hey all,
Catalyst authentication configuration just got a whole lot easier.
I just released two updates to CPAN that will make Auth configuration
much much easier for the 'average' case where you have user data
stored in an SQL database and you are using passwords for
authentication.
Now, the '