Mail Index

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ApacheGallery] Proposal for an admin site

On Thu, Mar 07, 2002 at 04:03:05PM -0500, Paul Vallee wrote:
> Hello everyone,
> I'm having trouble accessing the cvs repository (no doubt my own lame fault,
> but there you have it!). So instead of stalling any longer, here's the diff
> patch and the new copy of, attached.

You're using ssh right? Tried doing it from the machine the repository is

> If any of you have cvs access and are willing, please go ahead and upload
> it. Michael has already given me permission to bang it in before an intense
> QA, I guess his feeling is that problems can be fixed afterwards.

As long as we don't release any untested code it should be fine, that is what
-dev is for anyway ;)

> This implements authentication, rotation and the editing of annotation files
> on the server.
> Feedback welcomed and appreciated, and cheers!

From looking at the code I just have one tiny question, why don't we
build the form with help of CGI::FastTemplate so we don't hardcode it
into the program? (This is not a requirement from my side and could
always be implemented later). And for the MD5 part:

The "MD5" module is depreciated.  Use "Digest::MD5" instead. (perldoc MD5)

(and using the hexhash method instead of using unpack to convert it to
hex might be a good idea too). Should we furthermore let the user set a
secret so it's gonna be even harder breaking the "encryption" of the
cookie. Like:
MD5->hexhash('USERDEFINEDSECRET' . MD5->hexhash($password));

> Paul (30 years old today!)


Thomas (1 year wedding anniversary today!)

  Thomas Eibner <> DnsZone <>
  mod_pointer <> <>
  !(C)<>                  <>
          Putting the HEST in .COM <>

Apache::Gallery users mailinglist.
To unsubscribe, e-mail: [email protected]