
Re: [ApacheGallery] Proposal for an admin site



On Fri, Mar 08, 2002 at 03:06:05PM -0500, Paul Vallee wrote:
> Hi Thomas,
> 
> Happy anniversary!
> 
> Thanks for your advice.
> 
> I've changed the software to use Digest::MD5 (very painless, thanks for the
> tip.)
> 
> I don't really understand your suggestion of an additional secret over and
> above the password, and why it improves security. Does the user define it at
> login, like a PIN? And if so, would I track the valid values in a local
> file? I understand how this improves security but if that's what you have in
> mind we might as well do (arbitrary database based?) multi-user
> authentication with expiring sessions, and track the sessionid in the cookie
> and the (database/file) rather than the password. I would prefer to leave
> that for later, unless you feel strongly about it. Let me know if I've
> misunderstood. Right now, the risk is manageable in my opinion, especially
> if the user "logs out", which zeros out the cookie.

I guess there's really not much reason to do it, after all it's only a
gallery and doesn't need to be extremely secure. And since people could
sniff network traffic and find the content of the cookie there anyway...

> I have studied the documentation for CGI::FastTemplate at
> http://theoryx5.uwinnipeg.ca/CPAN/data/CGI-FastTemplate/FastTemplate.html
> and I'm afraid I don't understand your suggestion of using it to avoid
> hard-coding the form. I am already using CGI to dynamically generate the
> form and CGI::FastTemplate to set a template variable for display. Perhaps
> you could help me to understand better what you have in mind? Even better,
> if it's not too arduous, by all means just fix it in my code if you like. I
> certainly wouldn't consider it meddling! ;-)

The only reason I thought it might be good doing it with CGI::FastTemplate
is that we already have the layout in templates. It would mean that the 
other Thomas would be able to change the look of the forms too (if he
desires).

> Please find the new Gallery.pm (using Digest::MD5) and the new diff
> attached.


-- 
  Thomas Eibner <http://thomas.eibner.dk/> DnsZone <http://dnszone.org/>
  mod_pointer <http://stderr.net/mod_pointer> <http://photos.eibner.dk/>
  !(C)<http://copywrong.dk/>                  <http://apachegallery.dk/>
          Putting the HEST in .COM <http://www.hestdesign.com/>
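As an added illustration of the session-id scheme Paul sketches above (a random id in the cookie, tracked in a file with an expiry, zeroed on logout), not code from Apache::Gallery or either author; the store path, the cookie name and the availability of /dev/urandom are assumptions:

```perl
use strict;
use warnings;
use CGI qw(cookie header);
use Digest::MD5 qw(md5_hex);
my $STORE = '/tmp/gallery_sessions';   # assumed flat-file store; a real one needs locking
my $TTL   = 30 * 60;                   # sessions expire after 30 minutes

# Read "sid user expires" lines, dropping expired entries as we go.
sub _load {
    my %s;
    open(my $fh, '<', $STORE) or return \%s;
    while (<$fh>) {
        my ($sid, $user, $exp) = split ' ';
        $s{$sid} = [$user, $exp] if defined $exp && $exp > time();
    }
    return \%s;
}
sub _save {
    my ($s) = @_;
    open(my $fh, '>', $STORE) or die "cannot write $STORE: $!";
    print $fh "$_ $s->{$_}[0] $s->{$_}[1]\n" for keys %$s;
    close $fh;
}
# The id is random, not derived from the password, so a sniffed cookie is
# useful only until the session expires or the user logs out.
sub new_session {
    my ($user) = @_;
    open(my $r, '<', '/dev/urandom') or die "urandom: $!";   # assumed available
    read($r, my $bytes, 16) == 16 or die "short random read";
    my $sid = md5_hex($bytes);   # md5_hex only encodes the random bytes as hex
    my $s = _load();
    $s->{$sid} = [$user, time() + $TTL];
    _save($s);
    return $sid;
}
# Returns the user name for a live session id, undef otherwise.
sub check_session {
    my ($sid) = @_;
    my $s = _load();
    return exists $s->{$sid} ? $s->{$sid}[0] : undef;
}
# Logout: drop the server-side record and send back an emptied, expired cookie.
sub end_session {
    my ($sid) = @_;
    my $s = _load();
    delete $s->{$sid};
    _save($s);
    return header(-cookie => cookie(-name => 'gallery_session', -value => '', -expires => '-1d'));
}
```

With this layout the cookie never carries anything derived from the password, so a sniffed cookie cannot be used once the session has expired or been ended server-side.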

---------------------------------------------------------------------
Apache::Gallery users mailinglist. http://apachegallery.dk/
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx