[jifty-devel] Validating and encrypting passwords
Jesse Vincent
jesse at bestpractical.com
Wed Mar 28 14:02:10 EDT 2007
Have a look at the Password authentication plugin in the latest jifty
svn. We've finally got something that just does this for you. It even
hashes password for transmission over the wire :)
On Mar 28, 2007, at 6:34 AM, Henry Baragar wrote:
> Hello,
>
> The topic is really about the order in which "validate_column" and "
> before_set_column" get called, but the purpose is for implementing
> my own
> authentication module that validates that new passwords meet
> corporate policy
> and then encrypts them before storing them in the database.
>
> It seems to me that the correct place to put password encryption is
> in the
> "before_set_column" method, but this method gets called before
> "validate_column". This means that "validate_column" tries to
> validate the
> encrypted password (which does not work very well).
>
> What is the reasoning for running "before_set_column" before
> "validate_column"? (Particularly since there is a
> "canonize_column" that is
> called before "validate_column").
>
> If "before_set_column" is not the correct place to encrypt the
> password, then
> where should it be done?
>
> Regards,
> Henry
> _______________________________________________
> jifty-devel mailing list
> jifty-devel at lists.jifty.org
> http://lists.jifty.org/cgi-bin/mailman/listinfo/jifty-devel
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.bestpractical.com/pipermail/jifty-devel/attachments/20070328/afe07dd9/PGP.pgp
More information about the jifty-devel
mailing list