Understood. Still that old trade-off zeroconf/simple but might-be-vulnerable VS. secure but "complex".
Anyway I think the table should be split, with "user private" data separate from "system security" data. So people could extend / ALTER TABLE / whatever to add/change fields on the second table with no impact on the basic provider code because its data is insulated.

Jeff Watkins wrote:
> The goal of the Identity framework is to provide a usable system out
> of the box. This includes the fields most applications are likely to
> use. I recognise this isn't the ideal for everyone, but it allows
> developers to be productive quickly.
>
> At some point I hope to put together a nice admin interface for
> identity, which will work with the default model. This means
> developers can get going without any real code.
>
> On 7 Jan, 2006, at 5:18 pm, Olivier Favre-Simon wrote:
>
>> Entirely agreed.
>>
>> Basic auth must be _basic_ => id+passwd
>>
>> Not just display name but all personal data has nothing to do with
>> security and is fully application-specific.
>>
>> This holds for the email field.
>>
>> Identity is working good but maybe some of the most security-aware
>> readers of this ML should help here: Even a good implementation doesn't
>> shield against all pitfalls when it comes to security.
>>
>> Justin Johnson wrote:
>>>
>>> While browsing through the source for up and coming 0.9, I've noticed
>>> the following TG_User comment:
>>>
>>> '''
>>> Reasonably basic User definition. Probably would want additional
>>> attributes.
>>> '''
>>>
>>> Does this mean that the intention is to further add attributes? As a
>>> suggestion - that might not be desirable.
>>>
>>> For example, I'm working on a system where I already have a User class
>>> that contains id, password, email and creation date. Basic stuff.
>>>
>>> I'm representing further user information such as gender, date of
>>> birth, location etc through a separate table. My User model really
>>> just acts as the gate keeper data to the system and is minimal.
>>>
>>> Now, TG_User also has 'displayName' which is a 255 length description
>>> field! On my set up I'd put that in my separate table. Some apps
>>> wouldn't have any use for it at all.
>>>
>>> This is application dependent and my feeling is that the identity
>>> system should just provide the absolute minimum to incorporate security.
>>>
>>> Would it be possible to have this so that you can specify your own
>>> User model?
>>>
>>> Otherwise, great job and I look forward to using it! :)
>
> --
> Jeff Watkins
> http://newburyportion.com/
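Added example, not part of the original thread and not TurboGears Identity code: a sketch of the table split proposed in the reply above, with credentials in one table and application-specific personal data in another. The table, column and function names (`user_auth`, `user_profile`, `authenticate`, and so on) and the sample user are assumptions made for illustration.

```python
import hashlib, hmac, os, sqlite3

SCHEMA = """
CREATE TABLE user_auth (      -- "system security" data: all the provider reads
    id INTEGER PRIMARY KEY, login TEXT UNIQUE NOT NULL,
    salt BLOB NOT NULL, pw_hash BLOB NOT NULL);
CREATE TABLE user_profile (   -- "user private" data: application-specific
    user_id INTEGER PRIMARY KEY REFERENCES user_auth(id),
    display_name TEXT, email TEXT);
"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def hash_password(password, salt):
    # Salted, iterated hash; the plaintext password is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_user(db, login, password, display_name=None, email=None):
    salt = os.urandom(16)
    cur = db.execute(
        "INSERT INTO user_auth (login, salt, pw_hash) VALUES (?, ?, ?)",
        (login, salt, hash_password(password, salt)))
    db.execute(
        "INSERT INTO user_profile (user_id, display_name, email) VALUES (?, ?, ?)",
        (cur.lastrowid, display_name, email))
    return cur.lastrowid

def authenticate(db, login, password):
    # Touches user_auth only, so profile schema changes cannot break it.
    row = db.execute(
        "SELECT id, salt, pw_hash FROM user_auth WHERE login = ?",
        (login,)).fetchone()
    if row is None:
        return None
    uid, salt, stored = row
    ok = hmac.compare_digest(stored, hash_password(password, salt))
    return uid if ok else None

if __name__ == "__main__":
    db = make_db()
    uid = add_user(db, "alice", "correct horse", display_name="Alice")  # constructed sample
    # The application reshapes its own table; the provider is unaffected.
    db.execute("ALTER TABLE user_profile ADD COLUMN date_of_birth TEXT")
    print(authenticate(db, "alice", "correct horse") == uid)
    print(authenticate(db, "alice", "wrong"))
```

Because `authenticate` never joins against `user_profile`, the database account used by the identity provider can also be granted access to `user_auth` alone on engines that support per-table privileges.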