Serving files with pyramid-1.3

2012-09-21 Thread yorjo
Hi, With pyramid-1.2 and older, I was serving files with the paste.fileapp.FileApp object. Now that pyramid-1.3 has drop paste, what is the correct way to serve files? I had a route like this one: config.add_route("tool.download", "/tool/download/{label}.tgz") Linked to a view that return the f

Re: Serving files with pyramid-1.3

2012-09-21 Thread Michael Merickel
http://docs.pylonsproject.org/projects/pyramid/en/1.3-branch/api/response.html#pyramid.response.FileResponse On Fri, Sep 21, 2012 at 11:39 AM, yorjo wrote: > Hi, > > With pyramid-1.2 and older, I was serving files with the > paste.fileapp.FileApp object. > Now that pyramid-1.3 has drop paste, wha

Re: AuthTktAuthenticationPolicy using MD5

2012-09-21 Thread Jonathan Vanasco
> > Additionally you could provide help on how to generate such a secret (but > that's extra candy). I have looked through various parts of the > documentation and it is always set to something like 'seekrit' and similar, > but it is never mentioned how to make sure that this is secure. > fwiw

Re: AuthTktAuthenticationPolicy using MD5

2012-09-21 Thread Domen Kožar
For generating secrets it's important to discourage usage of random module, but use something like: secret = ''.join('%02x' % ord(x) for x in os.urandom(128)) On Fri, Sep 21, 2012 at 7:50 PM, Jonathan Vanasco wrote: > Additionally you could provide help on how to generate such a secret (but

Re: AuthTktAuthenticationPolicy using MD5

2012-09-21 Thread Daniel Holth
On Fri, Sep 21, 2012 at 1:54 PM, Domen Kožar wrote: > For generating secrets it's important to discourage usage of random module, > but use something like: > > secret = ''.join('%02x' % ord(x) for x in os.urandom(128)) Great wordpress site! Secrets transmitted in the clear without mandatory S

Re: AuthTktAuthenticationPolicy using MD5

2012-09-21 Thread Domen Kožar
Agreed. For that reason, I'd just use session authentication policy and TLS without decompression. On Fri, Sep 21, 2012 at 8:26 PM, Daniel Holth wrote: > On Fri, Sep 21, 2012 at 1:54 PM, Domen Kožar wrote: > > For generating secrets it's important to discourage usage of random > module, > > but

Re: AuthTktAuthenticationPolicy using MD5

2012-09-21 Thread Vlad K.
On 09/21/2012 07:50 PM, Jonathan Vanasco wrote: i think most of the application scaffolds will generate a secret - but it might be useful feature to just have a secret-key generator on the pylonsproject.org site and referenced in the docs. How about a script that's part of the framework itse