[Catalyst] authentication

shawn wilson ag4ve.us at gmail.com
Sat Mar 12 20:31:22 GMT 2011

On Sat, Mar 12, 2011 at 3:08 PM, Peter Edwards <peter at dragonstaff.co.uk>wro=

> On 12 March 2011 19:41, shawn wilson <ag4ve.us at gmail.com> wrote:
>> i am working on an app that allows users to access (and do some things)
>> with email. however, i want a method of storing their password that would
>> require them accessing the site in order for me to be able to decrypt. i=
>> thinking of encrypting it based on the key that
>> Catalyst::Plugin::Authentication uses to store credentials on their end.=
>> also thought that maybe i could store some other field in that cookie th=
>> maybe had a seed.
>> however, i was hoping that maybe someone would point out that this could
>> be done totally internal to that authentication module or maybe another
>> module does this? and maybe there's some sort of flaw in my ideas? or ma=
>> someone on here has done something similar they'd be willing to share?
> You haven't really given enough details of what you want to do for people
> to be able to give a good and secure answer.
> In general you need to create a token based upon a secure authentication
> (like the way OAuth does) and use that.
> However, it's not clear whether your token is passed in clear text or a
> breakable session (in which case you need a one time key) or something el=
> Of course email itself is insecure unless over SSL and even then a record=
> session could be broken in time.
> Regards, Peter (with his black hat on)
i guess my main thing was a way to say to a user, you can give me the
password to your email, i don't know what it is and have no way of easily
obtaining it unless you login. i don't think that keeping a plain text of
their pass in their cookie is good (obviously). email itself is insecure,
however i think most people do login to their email securely.

I think what i'm looking for is some type of one way hash that depends on
something i can get from their session.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20110312/f9825=

More information about the Catalyst mailing list