[Catalyst] ANNOUNCE: SimpleDB - Auth configuration made easy

Jason Kuri jayk at ion0.com
Tue Oct 28 05:57:00 GMT 2008


> I think a good approach is to have safer more secure defaults, and
> if users explicitly turn those off then have relevant warnings on by
> default, and if users really know what they're doing then they can
> explicitly turn those off.
>
> For example, users can have an explicit
> no_warnings_plaintext_password or some such where warnings are
> turned on by default and off explicitly.
>
> Generally speaking, those who know enough to handle less safe things
> also know enough how to ask the system to let them do those things.
> People who don't know well enough for one aren't likely at the same
> time to know to ask the system for help in pointing out unsafe
> behaviour, so they're in trouble if unsafe is the default.  For
> people who do know things, having safe defaults is still good for
> working together with their desire to be lazy.

Those who know enough to handle less safe things shouldn't be afraid
to use the 'standard' auth configuration, though, wouldn't you think?

You can get clear passwords with no warnings by dropping SimpleDB for
configuration purposes and using a 'standard' auth config that looks
like this:

     MyApp->config('Plugin::Authentication' => {
         default => {
             credential => {
                 class => 'Password',
                 password_type => 'clear'
             },
             store => {
                 class => 'DBIx::Class',
                 role_relation => 'roles',
                 role_field => 'role',
                 use_userdata_from_session => '1',
                 # the user model name taken from the SimpleDB config
                 user_model => $user_model_from_simpledb_config
             }
         }
     });

So - why add it to the SimpleDB?

Jay
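
The warn-by-default, opt-out-explicitly behaviour suggested in the quoted text, as an added example (not code from SimpleDB, Catalyst, or either poster). The helper name `plaintext_password_warnings`, the placement of `no_warnings_plaintext_password` inside the credential hash, and the sample model names are assumptions; the option is only proposed in the quoted message and is not an existing Catalyst setting.

```perl
use strict;
use warnings;

# Hypothetical helper, not part of Catalyst or SimpleDB. Returns one message
# per realm whose Password credential uses password_type 'clear' without
# the explicit opt-out proposed in the quoted message.
sub plaintext_password_warnings {
    my ($auth_config) = @_;
    my @messages;

    for my $realm (sort keys %$auth_config) {
        my $realm_config = $auth_config->{$realm};
        next unless ref $realm_config eq 'HASH';    # skip scalar settings

        my $credential = $realm_config->{credential};
        next unless ref $credential eq 'HASH';
        next unless ($credential->{class} // '') eq 'Password';
        next unless ($credential->{password_type} // '') eq 'clear';

        # Opt-out key name taken from the quoted suggestion; hypothetical.
        next if $credential->{no_warnings_plaintext_password};

        push @messages,
            "realm '$realm': passwords are compared in clear text; "
          . "set no_warnings_plaintext_password to silence this";
    }
    return @messages;
}

# Constructed sample config in the same layout as the config above.
my %auth_config = (
    default => {
        credential => { class => 'Password', password_type => 'clear' },
        store      => { class => 'DBIx::Class', user_model => 'DB::User' },
    },
    legacy => {
        credential => {
            class                          => 'Password',
            password_type                  => 'clear',
            no_warnings_plaintext_password => 1,
        },
        store => { class => 'DBIx::Class', user_model => 'DB::LegacyUser' },
    },
);

# Only the realm without the opt-out is reported.
warn "$_\n" for plaintext_password_warnings(\%auth_config);
```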


