I'm doing a C++ framework and I want to remotely log in to web2py, for
simplification libcurl style.
The problem is that the bare login requires plain-text or just base64-encoded
password transmission; in short, it is vulnerable to a man-in-the-middle
attack that may compromise the user passwords.

So what I want to achieve is to log in to web2py with a method similar to
what Pandora uses, that is, something like:

l:  login
p: hash of (l+p)

What would be the "patch" required to allow this kind of login into web2py?
I'm guessing adding an extra sha1 password Field in the auth table, some
onPassword_creation, onPassword_modification, and the registration events.
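
The scheme described above, as an added example that is not part of the original post and not web2py code: it shows that a fixed hash of (l+p) is accepted again when replayed by anyone who captured it, and contrasts it with a single-use server nonce. The `Server` class, the function names and the sample credentials are hypothetical; the stored token remains password-equivalent on the server, and neither variant replaces TLS.

```python
import hashlib
import hmac
import secrets

def static_token(login, password):
    # The value proposed in the post: hash of (l+p), SHA-1 as in the "sha1 password Field".
    return hashlib.sha1((login + password).encode()).hexdigest()

def client_response(login, password, nonce):
    # Client side of the nonce variant: HMAC the server's nonce with the static token.
    key = static_token(login, password).encode()
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()

class Server:  # hypothetical stand-in for the auth table, not web2py code
    def __init__(self):
        self.tokens = {}   # login -> static_token (password-equivalent if leaked)
        self.nonces = {}   # login -> outstanding single-use nonce

    def register(self, login, password):
        self.tokens[login] = static_token(login, password)

    def login_static(self, login, token):
        # Scheme from the post: compare the transmitted hash with the stored one.
        return hmac.compare_digest(self.tokens.get(login, ""), token)

    def challenge(self, login):
        self.nonces[login] = secrets.token_hex(16)
        return self.nonces[login]

    def login_challenge(self, login, response):
        nonce = self.nonces.pop(login, None)  # consume: each nonce is valid once
        if nonce is None or login not in self.tokens:
            return False
        expected = hmac.new(self.tokens[login].encode(), nonce.encode(),
                            hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)

def demo():
    srv = Server()
    srv.register("alice", "correct horse")  # constructed sample credentials
    sniffed = static_token("alice", "correct horse")  # what crosses the wire
    nonce = srv.challenge("alice")
    resp = client_response("alice", "correct horse", nonce)
    return {
        "static_replay_accepted": srv.login_static("alice", sniffed),
        "challenge_accepted": srv.login_challenge("alice", resp),
        "challenge_replay_accepted": srv.login_challenge("alice", resp),
    }

if __name__ == "__main__":
    print(demo())
```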
