#17 username/password authentication w/ SHA

closed
None
5
2003-11-19
2002-11-14
No

Hi,
I've noticed the earlier user/password authentication
patch posted here, and liked the idea (though not all
aspects of the implementation).

Here's a new patch (based on the older one) that
- works with CVS of about a week ago (didn't try today's)
- doesn't store plaintext passwords anymore (uses SHA
hashes)

Discussion

1 2 > >> (Page 1 of 2)
  • Logged In: YES
    user_id=15538

    I'm attaching an updated version of this patch, fixing 1
    typo and 1 thing I overlooked when porting the old patch to
    current CVS (current.text -> _ in the user name already
    exists error message)

     
    • assigned_to: nobody --> jhermann
     
  • Logged In: YES
    user_id=15538

    I'm attaching another new version:
    - Verified to work with today's CVS
    - Allows users to change passwords
    - Password repeat prompt when creating an account or
    changing passwords
    - shortens cookie expiration times - you typically don't
    want non-expiring
    cookies for authenticated accounts

    I'm not yet fully satisfied with the last part (cookie
    expiration time); this should be configurable (like
    Sourceforge's Remember Me checkbox, or maybe "if the user
    has set a password, expire soon; if the user uses just the
    ID cookie, don't expire") - but the rest of the patch should
    be ok.

     
  • Logged In: YES
    user_id=15538

    Attaching yet another new version, adding a Sourceforge-like
    Remember Me button determining the expiration time of the
    login cookie.

     
  • Logged In: YES
    user_id=15538

    Patch updated to current CVS

     
1 2 > >> (Page 1 of 2)