[Catalyst] ANNOUNCE: SimpleDB - Auth configuration made easy

Matt S Trout dbix-class at trout.me.uk
Thu Nov 13 20:29:46 GMT 2008

On Mon, Oct 27, 2008 at 11:57:00PM -0600, Jason Kuri wrote:
> You can get clear passwords with no warnings by dropping SimpleDB for
> configuration purposes and using a 'standard' auth config that looks
> like this:

Which hides the badness.

Frankly I'd like to see -all- of authentication warn on cleartext passwords
unless you add some (preferably long) config option like
"insecure_password_storage_ok". The best thing about this is it makes it
obvious to a -maintainer- that their predecessor did this.

Remember that the person who benefits from seeing that that option has
been turned on may not be the person who originally turned it on.

      Matt S Trout       Need help with your Catalyst or DBIx::Class project?
   Technical Director                    http://www.shadowcat.co.uk/catalyst/
 Shadowcat Systems Ltd.  Want a managed development or deployment platform?
http://chainsawblues.vox.com/            http://www.shadowcat.co.uk/servers/

More information about the Catalyst mailing list