[Twisted-web] Credential questions - hide user name and password
on login + get ip address in realm
Tommi Virtanen
tv at twistedmatrix.com
Tue Nov 16 02:15:15 MST 2004
Alexander May wrote:
>1) After I log in, the username and password are shown in the address bar.
>Is there anyway to force the guard code to use post instead of get so that
>such things are not displayed so publicly. I tried changing the main log-in
>form to use post, but it seems there is a redirect that occurs that
>prevents such a change from having the desired result.
>
>
That's a bug in _your_ code. Just use POST. Guard doesn't implement the
form.
From guarded.tac:
tags.form(action=guard.LOGIN_AVATAR, method='post')[
>2) I would like to check the up address that the user is logging in from to
>perform some additional verification. Is there a way to get access to this
>information in Realm.requestAvatar or in CredentialsChecker.requestAvatarId,
>or somewhere else where it may be incorporated into the log-in process?
>
>
Well, you can do it before or after the guard, atleast.
http://divmod.org/svn/Nevow/sandbox/tv/access
More information about the Twisted-web
mailing list