[Twisted-Python] Getting my Cred interfaces right: IUsername(Hashed)?Password
exarkun at twistedmatrix.com
Wed Nov 14 07:29:56 EST 2012
On 09:05 am, _ at lvh.cc wrote:
>Hi,
>
>
>I'm trying to make sure that I have my cred interfaces right.
>
>Users log in using a username and password. They provide these
>credentials in plaintext (over a TLSd connection). The user password is
>stored using a secure key derivation function (in casu, scrypt).
>
>Currently I have this gumongous User object (an Axiom Item), and I'm
>trying to split it up into parts. IIUC, the checker's checked interface
>should be IUsernamePassword (that's already the case). However, the
>thing I adapt a User to to check it should be an
>IUsernameHashedPassword, right?

This isn't right. The point of declaring interfaces on the checker is
so the system knows what kind of credentials it can check. If your
credentials object implements a different interface than your checker
declares it can check, the system won't ever ask the checker to check
the credentials.

It sounds like you might have something extra going on beyond the normal
usage of cred, which perhaps makes the idea you've written about here
work somehow - but I don't know what the extra something is, and it
probably doesn't apply to cred usage in general (i.e., perhaps it is a
particularity of Axiom).

Jean-Paul

>In the end, I doubt this matters an awful lot, unless somebody ends up
>implementing a IUsernameHashedPassword checker that is smart enough to
>read both scrypt/bcrypt headers and /etc/shadow-style $-delimited
>entries.
>
>cheers
>lvh