Giovannetti, Mark wrote:
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Martijn Pieters
def checkPassword(self, storedPassword, password):
salt = storedPassword[:len(storedPassword)-40]
return storedPassword == self.encodePassword(password, salt)
That'll capture any salt length as the sha.hexdigest output is always
40 characters long.
I like that update. However, it would fail authentication on
stored lengths less than 40. Yes, I know that a length less than
40 would mean an anomalous stored password, but at least we
guarantee a blank '' salt, rather than the possibility of getting
some of the last hex digits of the stored password due to
list wrap around.
Slices doesn't wrap around.
Might make debugging a problem just a little
easier, you never know.
Anyway:
def checkPassword(self, storedPassword, password):
salt = storedPassword[:max(0, len(storedPassword)-40)]
return storedPassword == self.encodePassword(password, salt)
With Python you can do things as simply as possible. :-) The expression
storedPassword[:-40] (which is equivalent to
storedPassword[:len(storedPassword)-40]) does exactly what you want:
>>> "password"[:-40]
''
--
Dmitry Vasiliev <dima at hlabs.spb.ru>
http://hlabs.spb.ru
_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
