just finished writing a motp (http://motp.sourceforge.net/) authentication plugin for web2py. Where do i contribute this code? I would appreciate if some one tests this and gives me some feedback.
I have uploaded the code to Google code. project is https://web2py-motp-auth.googlecode.com you can see the source here - https://code.google.com/p/web2py-motp-auth/source/browse/motp_auth.py Some questions I had: - is there any way to prevent web2py from storing the password in the DB after a successful alternate login. One you authenticate with motp. the motp password gets stored in the db. OTP means having an ever changing password. - does web2py have a standard AES api? i would like to (symmetrically) encrypt the stored motp pin and motp secret. Or is it better i just use a external python library? - as of now the user database and user field is hard-coded to use auth_user table and email field respectively. How can i make this variable? (so a user can pass some other database table or field) i also want to implement google authenticator (https://code.google.com/ p/google-authenticator/) auth for web2py. This is another OTP solution. However for google authenticator, you need to use both your site password and the OTP.. so a custom login for would be needed. Would be great solution where that extra bit of security is needed. I personally use google authenticator for my google accounts, and i think the added security is a boon. Would also appreciate your thoughts and comments on OTP in general thanks web2py community.. :)
