[aida] Security and passwords

Janko Mivšek janko.mivsek at eranova.si
Thu Feb 7 17:05:23 CET 2008


Nicolas,

I think it is good for inclusion. So do it and thanks for the incentive.

Janko

Nicolas Petton wrote:
> Hi again,
> 
> Here is the complete change I made for Squeak:
> 
> WebSecurityManager class>>hashPassword: aString
> 	"Returns a hashed string, used to store and compare passwords in a secure way"
> 	^(SecureHashAlgorithm new hashMessage: aString) asString
> 
> WebSecurityManager>>userNamed: anUsernameString withPassword: aPasswordString
> 	"find and return a WebUser with username and password. Return nil if not found"
> 	(anUsernameString ~= '') | (aPasswordString ~= '') ifFalse: [^nil].
> 	^self users detect: [:user | 
> 		(user username asLowercase = anUsernameString asLowercase) and: 
> 			[user password = (WebSecurityManager hashPassword: aPasswordString)]]
> 		ifNone: [nil]
> 
> WebUser>>isGuest
> 	"all non registered visitors have the same user: a Guest"
> 	^self name = 'Guest' and: [(self username = 'guest') & (self password = (WebSecurityManager hashPassword: 'guest'))]
> 
> WebUser>>password: aString	
> 	"Store hashed string"
> 	password := WebSecurityManager hashPassword: aString
> 
> 
> The *only* thing that should be changed for VW is:
> 
> WebSecurityManager class>>hashPassword: aString
>         ^Security.SHA hashFrom: aString asByteArray readStream
> 
> I tried it on both Squeak and VW.
> 
> What do you think about it?
> 
> Cheers,
> 
> Nicolas

-- 
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si

