[Coquelicot] Patchset: add multiuser/pass auth module, add missing i18n tags, add Greek .po

Lunar lunar at anargeek.net
Fri Dec 16 13:00:52 CET 2016


Hi Rowan,

Months have passed since your patch. Seems life keep getting in the way.
Please accept my apologies, and thanks again for your contributions.

Anyway, I like your new authentication method but I felt a bit uneasy
when I read:

> +++ b/conf/settings-userpass.yml
> +    abdul: "0873d391e987982fbbd3a94a8fe5ccb19ba61c4c"
> +
> +  # SHA1 of the pre-shared password

I think the SHA1 pre-shared password was good enough for “simplepass”
because an attacker would not learn much. But once access starts to be
tied to specific users, I'd rather have something that would resist a
bit more if credentials were stolen.

Would you be ok if I'd rework the patch to use String#crypt?
The code could eventually fall back on the unix-crypt gem to support
more platforms if required.

-- 
Lunar
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://listes.potager.org/pipermail/coquelicot/attachments/20161216/6a7a05eb/attachment.sig>


More information about the Coquelicot mailing list