Well, based on the patch which I'm still hoping to check in tonight,
validate_identity will automatically MD5 or SHA the provided password
before comparing it against the database.
You shouldn't have to do anything.
On 19 Dec, 2005, at 10:57 pm, Jeremy Jones wrote:
I'm trying to get identity working and am hitting a bit of a
glitch. I've got a user stored in my database, associated with a
group, and I can log in as him, but I've got the password in the
clear in the database. I can't figure out how to pass in an
encrypted password. I have this decorator decorating the desired
method:
@identity.require(group="user")
I have a standard form getting username/password and POSTing back
to the desired resource that's decorated above. From what I can
tell from the source to identity, I'm apparently not the one
handing the username/password: validate_identity in soprovider.py is.
So, what is my best option for taking a password from a user,
MD5ing it, and matching it up against what is in the database? Am
I going to have to MD5 the password using a javascript library
before I pass it in? Or is there a better way?
- jmj
