[jifty-devel] Validating and encrypting passwords

Jesse Vincent jesse at bestpractical.com
Wed Mar 28 14:02:10 EDT 2007

Have a look at the Password authentication plugin in the latest jifty  
svn. We've finally got something that just does this for you. It even  
hashes password for transmission over the wire :)

On Mar 28, 2007, at 6:34 AM, Henry Baragar wrote:

> Hello,
> The topic is really about the order in which "validate_column" and "
> before_set_column" get called, but the purpose is for implementing  
> my own
> authentication module that validates that new passwords meet  
> corporate policy
> and then encrypts them before storing them in the database.
> It seems to me that the correct place to put password encryption is  
> in the
> "before_set_column" method, but this method gets called before
> "validate_column".  This means that "validate_column" tries to  
> validate the
> encrypted password (which does not work very well).
> What is the reasoning for running "before_set_column" before
> "validate_column"?  (Particularly since there is a  
> "canonize_column" that is
> called before "validate_column").
> If "before_set_column" is not the correct place to encrypt the  
> password, then
> where should it be done?
> Regards,
> Henry
> _______________________________________________
> jifty-devel mailing list
> jifty-devel at lists.jifty.org
> http://lists.jifty.org/cgi-bin/mailman/listinfo/jifty-devel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.bestpractical.com/pipermail/jifty-devel/attachments/20070328/afe07dd9/PGP.pgp

More information about the jifty-devel mailing list