Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Ticket #241 (closed enhancement: fixed)

Opened 13 years ago

Last modified 12 years ago

[PATCH] identity doesn't easily allow for md5 or sha hashing of passwords

Reported by: zanesdad@… Owned by: anonymous
Priority: normal Milestone: 0.9
Component: Identity Version:
Severity: normal Keywords:
Cc:

Description

When you decorate a method to allow identity to authenticate and authorize a user to view the resource, the decorating function intercepts the user's username and password. This doesn't allow easily for performing an md5 or sha hash of the password between the time the user offers the password and the time identity checks the user-offered password to what is stored in the database. This patch allows a user to specify which encryption mechanism to use with a single configuration entry. If no encryption is specified, none is used. I have a patch, but Trac is mangling it. Maybe there is a way to attach it to this ticket?

Here is an example from the [global] section of my config file:

identity.encryption="md5"

Attachments

identity_encryption.diff Download (1.2 KB) - added by zanesdad@… 13 years ago.
Patch to allow md5 and sha hashing of passwords in identity

Change History

Changed 13 years ago by zanesdad@…

Patch to allow md5 and sha hashing of passwords in identity

comment:1 Changed 13 years ago by anonymous

  • Summary changed from identity doesn't easily allow for md5 or sha hashing of passwords to [PATCH] identity doesn't easily allow for md5 or sha hashing of passwords

comment:2 Changed 13 years ago by kevin

  • Status changed from new to closed
  • Resolution set to fixed

Jeff Watkins has committed code to do this.

Note: See TracTickets for help on using tickets.