[aida] Security and passwords

Nicolas Petton petton.nicolas at gmail.com
Thu Feb 7 16:55:44 CET 2008


Hi again,

Here is the complete change I made for Squeak:

WebSecurityManager class>>hashPassword: aString
	"Returns a hashed string, used to store and compare passwords in a secure way"
	^(SecureHashAlgorithm new hashMessage: aString) asString

WebSecurityManager>>userNamed: anUsernameString withPassword: aPasswordString
	" find and return a WebUser with username and password. Return nil if not found"
	(anUsernameString ~= '') | (aPasswordString ~= '') ifFalse: [^nil].
	^self users
		detect: [:user |
			(user username asLowercase = anUsernameString asLowercase) and:
				[user password = (WebSecurityManager hashPassword: aPasswordString)]]
		ifNone: [nil]

WebUser>>isGuest
	"all non registered visitors have the same user: a Guest"
	^self name = 'Guest' and:
		[(self username = 'guest') &
			(self password = (WebSecurityManager hashPassword: 'guest'))]

WebUser>>password: aString
	"Store hashed string"
	password := WebSecurityManager hashPassword: aString


The *only* thing that should be changed for VW is:

WebSecurityManager class>>hashPassword: aString
        ^Security.SHA hashFrom: aString asByteArray readStream

I tried it on both Squeak and VW.

What do you think about it?

Cheers,

Nicolas


-- 
Nicolas Petton
http://nico.bioskop.fr
            ___
          ooooooo
         OOOOOOOOO
        |Smalltalk|
         OOOOOOOOO
          ooooooo
           \   /
            [|]
--------------------------------
My PGP key is available here:
http://nico.bioskop.fr/pgp-key.html