Re: [Semanticscuttle-devel] Git on sourceforge filled / release task for Eric
From: Mark P. <mpe...@gm...> - 2011-01-22 22:50:10
Thanks for the reply Christian.

Question about something you added to the Feature Request about giving them partial access if authenticated via the private key. My thought is to give them full access but put some code in the authentication method with maxtries or something to thwart hacks. I could go either way on this, so let me know what you think.

On Sat, Jan 22, 2011 at 5:02 PM, Christian Weiske <cw...@cw...> wrote:

> Hi Mark,
>
> > 1) alter user table to include "privateKey" as varchar(32) with
> > unique index
> Yep.
>
> > 2) alter user db model to include new column
> I don't know if it's necessary; the user model is not used much yet
> IIRC.
>
> > 3) alter user service, specifically function getCurrentUserId() to
> > include looking at URL for &privatekey=
>
> > 4) alter api/* scripts to include privatekey auth
> Changing www/api/httpauth.inc.php should suffice, and the rss.php file.
> Maybe it should also just use the httpauth.inc.php file, but not
> require authentication (unlike the api files do); only use it to get
> login data if they are passed.
>
> > 5) alter template/profile.php and template/user.php to allow user to
> > see and possibly alter the 32 length key. Validation is definitely
> > required (len=32 and unique)
> I would not let the user manually enter a new key. Regenerating it is a
> better alternative. md5() returns 32 char strings. If you combine
> time() + rand() + a salt, you'll get pretty unique keys :)
>
> > 6) create upgrade script to fill new column with values
> perhaps you can get mysql to do that automatically and just add the
> SQL command to doc/upgrade.txt
>
> > I'm assuming it'll need to be alpha(upper and lower)+numeric value?
> md5 only returns numbers + lowercase letters, so this suffices.
>
> PS: Please send the mail to the list only, so everyone can participate
> and I don't get doubles :)
>
> --
> Regards/Mit freundlichen Grüßen
> Christian Weiske
>
> -=≡ Geeking around in the name of science since 1982 ≡=-
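
An added example, not part of the thread or of SemanticScuttle's code: one way to produce the 32-character key and the "maxtries" limit discussed above. It swaps md5(time() + rand() + salt) for PHP's random_bytes(), which still yields 32 lowercase hex characters; the function names, the limits and the in-memory arrays are assumptions.

```php
<?php
// Added illustration: names, limits and in-memory stores are assumptions.
const MAX_TRIES = 5;        // assumed failed-attempt limit per client
const WINDOW_SECONDS = 900; // assumed window in which failures count

// 32 lowercase hex characters from the CSPRNG; fits a varchar(32) column.
function generatePrivateKey(): string
{
    return bin2hex(random_bytes(16));
}

// Format check applied before any lookup.
function isValidPrivateKey(string $key): bool
{
    return preg_match('/\A[0-9a-f]{32}\z/', $key) === 1;
}

// Returns the matching user id or null. $users (userId => key) stands in for
// the user table, $failures (client => failure timestamps) for a stored counter.
function authenticateByKey(string $key, string $client, array $users, array &$failures, int $now): ?int
{
    // Keep only failures inside the window.
    $recent = array_filter($failures[$client] ?? [], fn($t) => $t > $now - WINDOW_SECONDS);
    $failures[$client] = array_values($recent);
    if (count($failures[$client]) >= MAX_TRIES) {
        return null; // limit reached: refuse even a correct key
    }
    $match = null;
    if (isValidPrivateKey($key)) {
        foreach ($users as $userId => $stored) {
            if (hash_equals($stored, $key)) { // constant-time comparison
                $match = $userId;
            }
        }
    }
    if ($match === null) {
        $failures[$client][] = $now;
    }
    return $match;
}

// Constructed sample data: two users, one client sending wrong keys.
$users = [1 => generatePrivateKey(), 2 => generatePrivateKey()];
$failures = [];
$now = time();
for ($i = 0; $i < MAX_TRIES; $i++) {
    authenticateByKey(str_repeat('0', 32), '203.0.113.7', $users, $failures, $now);
}
var_dump(authenticateByKey($users[1], '203.0.113.7', $users, $failures, $now)); // same client, over the limit
var_dump(authenticateByKey($users[1], '198.51.100.9', $users, $failures, $now)); // different client, same key
```

Because the key travels in the URL as &privatekey=, it also ends up in web server access logs and Referer headers, which is one reason to offer regeneration on the profile page.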