Hi Niphlod, I used your method but the downside is that I have a plain text password stored in my application then, I'm not really aware how secure it is to do so, is there a way for an attacker to extract this info ?
On Wednesday, November 18, 2015 at 3:09:08 PM UTC-5, Niphlod wrote: > > you can't really serialize a connection. you can serialize the plain > password and then create a new one, using the credentials the user gave you. > > On Wednesday, November 18, 2015 at 7:54:56 PM UTC+1, Jonathan R wrote: >> >> Hi, >> I'm still working on an app connecting on a ldap server using the >> credentials provided at login time by the user (in the webapp) and my >> objective is to bind once to the ldap server right after login and use this >> bind to make the different query requested by the user. >> I bind using a custom function added to the list : >> >> auth.settings.login_onaccept >> >> I tried to use session to pass it to the app : >> my code looks like : >> >> def ldap_connect : >> >> # create a simpleLDAPObject named *con* >> >> # initialize this object >> >> # use username and password provided to bind >> >> # here comes the problem: make the con object available outside this >> function as long as the user is logged in >> # I tried different flavor of : (session.con , session.vars.con, >> session.vars[con]) the issue is not on the syntax >> >> session['con'] = con >> >> This send an internal error while processing the functions: >> session.try_store_in ... [cookie_or_file, file] and return a Pikling Error >> Can't pikle <type 'thread.lock' >: attribute lookup thread.lock failed. >> >> I suppose this is why there is a section called "Don't store user defined >> object in session' in the book, my question is then where should I store it >> ? >> >> > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
