Hi,
Ok, I have created repoze-who-jscrypto, a separate plugin to repoze.who
that does JavaScript cryptography. As a few people have pointed out,
this isn't as strong as SSL, but IMHO it is better than no encryption.
It's on Googlecode at http://code.google.com/p/repoze-who-jscrypto/ No
plans
New submission from Paul Johnston paul@gmail.com:
To reproduce:
1) Create a simple app using repoze.who, with FormPlugin and AuthTktPlugin,
running on 127.0.0.1:8000
2) Using Opera, browse to the app and login with valid details
3) You will be redirected back to the login screen, despite
Paul Johnston paul@gmail.com added the comment:
This could be a dupe of issue66
--
status: unread - chatting
__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue89
Hi,
I've put a patch on the ticket http://bugs.repoze.org/issue83
To avoid the issue of the default to set, and for
backward-compatibility, this patch defaults to no timeout.
Paul
___
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
Paul Johnston paul@gmail.com added the comment:
Ok, I've produced a patch for this, let me know what you think.
--
status: unread - chatting
__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue83
__Index
Paul Johnston paul@gmail.com added the comment:
Nearly there... you hit the same problem I did. We need to close the log file.
ERROR: test_sample_config_w_log_file (repoze.who.tests.test_config.TestConfigMid
dleware
Hi,
I've had a look at your patch, and I've noticed a couple of security
holes... If your only desire is to prevent eavesdropping of passwords, I
suggest you use SSL, as this is a system that actually works (if used
correctly).
Although it has limitations, some people want this feature. I'm
Paul Johnston paul@gmail.com added the comment:
Yep, works a treat
__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue79
__
___
Repoze-dev mailing list
Repoze-dev
Paul Johnston paul@gmail.com added the comment:
Ok, here's the patch. Potential bad interaction with ticket 85 - see discussion
on list
__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue82
__
hashform.patch
Paul Johnston paul@gmail.com added the comment:
Just updated to latest code base and the problem is a bit worse. working on a
new patch
--
status: unread - in-progress
__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue79
Paul Johnston paul@gmail.com added the comment:
Here's a test app you can use to try it out
__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue82
__import webob as wo, wsgiref.simple_server as wrs, sqlite3, sha
Hi,
Ok, as promised, here's the patch to add JavaScript hashing
http://bugs.repoze.org/issue82
Hope someone can look at this soon,
Paul
___
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev
Hi,
I am going to have a go at adding a new authentication method to
repoze.who. It's like the standard forms authentication, but uses
JavaScript hashing to protect the password as it is transmitted.
There's information about the scripts here, explaining how the system
works, how it avoids
Hi,
Ok, I've had a little look at how I could implement the JavaScript
hash login. I'll create a HashFormPlugin that is a challenger and an
identifier. As for the Authenticator, maybe I'll create a new
SQLHashAuthenticatorPlugin, or maybe I'll just provide a
default_hash_compare function to pass
14 matches
Mail list logo
