Re: [Repoze-dev] Creating a custom index

2009-05-20 Thread Tres Seaver
Millie Ngoka wrote: > Does anyone have any experience setting up a custom index, that can be used > to install versions of specific libraries. I'm attaching the script we use for building an index from a directory full of tarballs. It creates a subdirectory, 'index', which serves as the target fo

Re: [Repoze-dev] Creating a custom index

2009-05-20 Thread Chris McDonough
We use a derivative of http://pypi.python.org/pypi/basketweaver/0.1.2-r6 for this. - C On 5/20/09 6:17 PM, Millie Ngoka wrote: > Does anyone have any experience setting up a custom index, that can be used > to install versions of specific libraries. > > Millie > > > > ---

[Repoze-dev] Creating a custom index

2009-05-20 Thread Millie Ngoka
Does anyone have any experience setting up a custom index, that can be used to install versions of specific libraries. Millie ___ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev

[Repoze-dev] [issue85] Repoze.who should support salted hashes for the sqlauthenticator

2009-05-20 Thread Douglas Mayle
Douglas Mayle added the comment: Hopefully, the last of the unit tests that don't work properly in Python 2.4 __ Repoze Bugs __ repozewho_salted_hashes_with_bcrypt.diff Description: Binary data __

[Repoze-dev] [issue85] Repoze.who should support salted hashes for the sqlauthenticator

2009-05-20 Thread admin
System message: __ Repoze Bugs __ ___ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev

[Repoze-dev] [issue85] Repoze.who should support salted hashes for the sqlauthenticator

2009-05-20 Thread admin
System message: __ Repoze Bugs __ ___ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev

[Repoze-dev] [issue85] Repoze.who should support salted hashes for the sqlauthenticator

2009-05-20 Thread admin
System message: __ Repoze Bugs __ ___ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev

[Repoze-dev] [issue85] Repoze.who should support salted hashes for the sqlauthenticator

2009-05-20 Thread admin
System message: __ Repoze Bugs __ ___ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev

[Repoze-dev] [issue85] Repoze.who should support salted hashes for the sqlauthenticator

2009-05-20 Thread Douglas Mayle
Douglas Mayle added the comment: Whoops, bad unittest passed through because I was testing in Python 2.5 __ Repoze Bugs __ repozewho_salted_hashes_with_bcrypt.diff Description: Binary data ___

[Repoze-dev] [issue58] Repoze.who does not allow identity to be set programmatically

2009-05-20 Thread Chris McDonough
Chris McDonough added the comment: What you ended up doing is the "recommended standard" right now. Thanks for the report. -- status: chatting -> resolved __ Repoze Bugs __ __

[Repoze-dev] [issue85] Repoze.who should support salted hashes for the sqlauthenticator

2009-05-20 Thread Douglas Mayle
Douglas Mayle added the comment: New version of the patch which also supports blowfish hashes when bcrypt is installed, and uses pycrypto on python < 2.5 for sha256 support. This patch superseded the previous two patches. __ Repoze Bugs

[Repoze-dev] [issue73] repoze.who IAuthenticator cannot report the reason for authentication failure

2009-05-20 Thread Chris McDonough
Chris McDonough added the comment: Note that you can use the "identity" or "environ" passed in to an authenticator as a scratchpad to communicate with other plugins (such as the challenger). -- status: unread -> resolved __ Repoze Bugs

[Repoze-dev] [issue74] repoze.who form plugins have no obvious way to show "logged out" or "login failed" messages

2009-05-20 Thread Chris McDonough
Chris McDonough added the comment: Form plugins will be deprecated for common use in the next release of r.who, FWIW. It's much easier to tell people to return a login form as their "unauthorized" response rather than trying to "challenge" based on a 401 response from the application and do arb

[Repoze-dev] [issue75] repoze.who should document logging.Logger support

2009-05-20 Thread Chris McDonough
Chris McDonough added the comment: Fixed in r4790 of the trunk, thank you. -- status: unread -> resolved __ Repoze Bugs __ ___ Repoze-dev mailin

[Repoze-dev] [issue77] repoze.who metadata plugin is called on every request

2009-05-20 Thread Chris McDonough
Chris McDonough added the comment: You can currently write your own metadata plugin which could try to get info from a cookie value first, then the database. Or better yet, retrieve the data from cache instead of the database or a cookie. But in general, yes, the "eagerness" of repoze.who to p

[Repoze-dev] [issue82] Add HashFormPlugin - JavaScript hashing

2009-05-20 Thread Chris McDonough
Chris McDonough added the comment: We're actually trying to encourage people to release plugins in separate packages these days. This is a good candidate. I'm going to mark this one as "resolved" as a result, although really the task is to create a separate Python package that houses the hash

[Repoze-dev] [issue80] [patch] advise against using include_ip

2009-05-20 Thread Tres Seaver
Tres Seaver added the comment: Duplicates #81, already closed. -- status: unread -> resolved __ Repoze Bugs __ ___ Repoze-dev mailing list Repoz

Re: [Repoze-dev] SQLAuthenticator Plugin...

2009-05-20 Thread David Turner
Doug's analysis of the patch is right on, but he doesn't go far enough. 1. The author of the patch clearly thinks that security consists of sprinkling magic SHA-1 HMAC challenge response pixie dust over the code in a random fashion. This means that any revised patch must be viewed with suspicion.

[Repoze-dev] [issue79] [patch] Some tests fail on Windows

2009-05-20 Thread Tres Seaver
Tres Seaver added the comment: Fix committed in r4788. -- assignedto: -> tseaver nosy: +tseaver status: in-progress -> resolved __ Repoze Bugs __ _

[Repoze-dev] [issue79] [patch] Some tests fail on Windows

2009-05-20 Thread Paul Johnston
Paul Johnston added the comment: Yep, works a treat __ Repoze Bugs __ ___ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/lis

[Repoze-dev] [issue79] [patch] Some tests fail on Windows

2009-05-20 Thread Tres Seaver
Tres Seaver added the comment: Does adding a call to 'logging.shutdown()' at the end of that testcase make Windows happy? __ Repoze Bugs __ ___ Repoze-de

[Repoze-dev] [issue79] [patch] Some tests fail on Windows

2009-05-20 Thread Paul Johnston
Paul Johnston added the comment: Nearly there... you hit the same problem I did. We need to close the log file. ERROR: test_sample_config_w_log_file (repoze.who.tests.test_config.TestConfigMid dleware) -- Traceback (most recent

Re: [Repoze-dev] SQLAuthenticator Plugin...

2009-05-20 Thread Paul Johnston
Hi, > I've had a look at your patch, and I've noticed a couple of security > holes...  If your only desire is to prevent eavesdropping of passwords, I > suggest you use SSL, as this is a system that actually works (if used > correctly). Although it has limitations, some people want this feature.

[Repoze-dev] [issue82] Add HashFormPlugin - JavaScript hashing

2009-05-20 Thread Douglas Mayle
Douglas Mayle added the comment: I've commented on this patch on the mailing list, but wanted to make sure my concerns were recorded here: * `if cleartext_password.startswith('{SHA}'):` The hashing system is entirely optional at the client level, so you don't provide password protection for

Re: [Repoze-dev] SQLAuthenticator Plugin...

2009-05-20 Thread Douglas Mayle
I've had a look at your patch, and I've noticed a couple of security holes... If your only desire is to prevent eavesdropping of passwords, I suggest you use SSL, as this is a system that actually works (if used correctly). For each issue, I'll address the problem as if it stands apart to gi

[Repoze-dev] [issue81] [patch] advise against using include_ip

2009-05-20 Thread Tres Seaver
Tres Seaver added the comment: I have checked in a modified version of this patch (I put the advisory in an ReST '.. note::'). -- assignedto: -> tseaver nosy: +tseaver status: resolved -> chatting __ Repoze Bugs ___

[Repoze-dev] [issue79] [patch] Some tests fail on Windows

2009-05-20 Thread Tres Seaver
Tres Seaver added the comment: I plan to check in an alternate patch which uses 'tempfile.mkdtemp', with appropriate cleanup of the tempdir. Can you confirm that it works for you on Windows? __ Repoze Bugs __