[Twisted-web] [Nevow] new chapter about authentication

Valentino Volonghi aka Dialtone dialtone at divmod.com
Fri Aug 4 07:06:09 CDT 2006


On Fri, 04 Aug 2006 12:34:53 +0200, Manlio Perillo <manlio_perillo at libero.it> wrote:
>Yes, you are right. I'm a bit lost within the discussion.
>The right query is:
>
>UPDATE Accounts SET password=md5(:new_password)
>WHERE username=md5(:username)

I doubt you want to hash the username too :).

>Well, much of web2 developers are nevow developers. I'm wrong?

They have commit right on Nevow but generally they don't develop Nevow.

>> I can't think of this feature in a pluggable way. If you want it just
>> code it in your Session object. It's fairly easy to do.
>
>Yes, but you have to handle the initialization code by hand
>(self.count = 0).

You would anyway. I'm not going to have Componentized classes in Nevow anymore, it's a bad idea because the session is not really meant to store arbitrary objects (it would be a problem once you need to persist that kind
of session later on). Also it would use the session as a storage for objects which is a bad way to program. Of course it is possible anyway, but at least it's not encouraged by the framework.

>Handling session initialization code better.
>Only SessionManager knows when a session object is created and when
>simply retrivied (the interface is the same: getSession).

loggedIn callback is a different thing still and is not part of the initialization even when you decide that you don't want sessions for anonymous users because guard still has to provide a way for the other developers to have sessions for anonymous users.



More information about the Twisted-web mailing list