> 1) where's the tests? auth is pretty important... should have some tests.

You're totally right. I'll check that.

> 2) what's with user.user_id, permission.permission_code_name , etc.
> including the table name in the column is redundant. (or is that
> preferred style now?)

Humm... I used the style because of another project I was working on.
Maybe I should just use user.id, etc.
What do people think?

> also, did i miss it or where does one set the salt? i was looking for
> that in the config

The salt isn't system wide but randomly generated per user and stored
with the hash.
The user_password is a string in this format:

$hashtype$repetitions$salt$hash

(When bcrypt is the hash function, the format is actually
$hashtype$repetitions$salthash because the algorithm itself takes care of
the salting).

Storing the salts this way isn't a weakness because their only function
is to prevent a precalculated hashes attack.

By storing the hashtype you can easily change the hash function and
the "old" passwords will continue to work (they'll be converted
automatically to the new style the first time check_password() works
correctly for a given user).

--JPS
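
The storage format and upgrade-on-login behaviour described in the message above, as an added example that is not the project's own code. It assumes PBKDF2-HMAC for the repeated hashing; `make_hash`, `parse`, `ALLOWED`, `MAX_REPS`, `PREFERRED` and the tuple returned by `check_password` are hypothetical, and the bcrypt variant is not covered.

```python
import hashlib
import hmac
import secrets

# Assumed policy values; the post does not name specific ones.
ALLOWED = {"sha1", "sha256", "sha512"}
MAX_REPS = 1_000_000
PREFERRED = ("sha256", 100_000)


def make_hash(password, hashtype=PREFERRED[0], reps=PREFERRED[1], salt=None):
    """Build '$hashtype$repetitions$salt$hash' with a random per-user salt."""
    salt = salt or secrets.token_hex(16)
    # Assumption: PBKDF2-HMAC stands in for the repeated hashing.
    digest = hashlib.pbkdf2_hmac(hashtype, password.encode(), salt.encode(), reps)
    return f"${hashtype}${reps}${salt}${digest.hex()}"


def parse(stored):
    """Split a record into (hashtype, repetitions, salt, hash), validating it."""
    parts = stored.split("$")
    if len(parts) != 5 or parts[0] != "":
        raise ValueError("malformed password record")
    _, hashtype, reps, salt, digest = parts
    # Never let a stored record choose an arbitrary algorithm or work factor.
    if hashtype not in ALLOWED or not 0 < int(reps) <= MAX_REPS:
        raise ValueError("unsupported hash parameters")
    return hashtype, int(reps), salt, digest


def check_password(password, stored):
    """Return (ok, upgraded); upgraded is a new record to save, or None."""
    try:
        hashtype, reps, salt, _ = parse(stored)
    except ValueError:
        return False, None
    candidate = make_hash(password, hashtype, reps, salt)
    # Constant-time comparison of the recomputed record with the stored one.
    if not hmac.compare_digest(candidate.encode(), stored.encode()):
        return False, None
    if (hashtype, reps) != PREFERRED:
        return True, make_hash(password)  # fresh salt, current parameters
    return True, None


if __name__ == "__main__":
    legacy = make_hash("s3cret", "sha1", 1000)  # constructed legacy record
    print(check_password("s3cret", legacy))
```

The caller saves the second return value over the old record when it is not `None`, which is the only moment the plaintext is available for re-hashing.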


On 22 oct, 11:47, "Brent Pedersen" <[EMAIL PROTECTED]> wrote:
> i just looked at source briefly, i like the auth.* decorators and the
> ability to add a custom test. i'll be using it in next couple weeks
> instead of my own hacked up version.
>
> if i were to nitpick:
> 1) where's the tests? auth is pretty important... should have some tests.
> 2) what's with user.user_id, permission.permission_code_name , etc.
> including the table name in the column is redundant. (or is that
> preferred style now?)
>
> also, did i miss it or where does one set the salt? i was looking for
> that in the config
>
> -brent
>
> On Wed, Oct 22, 2008 at 9:31 AM, Juan Pablo Scaletti
>
> <[EMAIL PROTECTED]> wrote:
>
> > :D Any question | suggestion | angry rant?
>
