[Enh] Pier-ExternalLogin
Jason Johnson
jason.johnson.081 at gmail.com
Fri Aug 17 07:12:06 MEST 2007
If you are making a framework for this part then one thing to consider
is passwords. Most frameworks leave this up to the user, so the user
does the simplest thing they can: they store plain text passwords.
You can tell these sites because when you forget your password and
press the password recovery link they send you your password directly
(ironically, pgp.com does this too!).
Obviously if the password is stored in plain text, then once your site
is hacked all your user's passwords will be known. This wont make
your users happy. So it would be nice to have some kind of password
object or something that always does some kind of one-way encryption
on the passwords (e.g. using MD5).
It would be nice as well for something to do the whole password
recovery stage as well, since this always works the same: user clicks
a link, gets an email forwarded that points to a secure site where
they can type in a new password, since passwords are not recoverable.
Just something to think about.
On 8/17/07, Keith Hodges <keith_hodges at yahoo.co.uk> wrote:
> A small framework to enable external validation plugins to be added and
> configured for Pier Login.
>
> I am using this with a plugin (not included yet) which validates the
> user/pass against a MYSQL query, then it logs in this user using an
> internally defined pier-user (or as I call it a "role") as a template.
>
> Finally I perform a second query to obtain a UserData record, and a
> potential invalidation is performed on "any other criteria", such as an
> account expiry date.
>
> You add your plugin by subclassing PUExternalValidationPlugin, and
> select the plugin to use in the application configuration.
>
> Finally your plugin gets the opportunity to customize the Login Dialog's
> descriptions. This enables you to customize the presentation of the
> dialog if you add Magritte-ComponentDecoration 's. You should also be
> able to add extra fields, though I leave this as an exercise for the reader.
>
> enjoy
>
> Keith
>
> _______________________________________________
> SmallWiki, Magritte, Pier and Related Tools ...
> https://www.iam.unibe.ch/mailman/listinfo/smallwiki
>
More information about the smallwiki
mailing list