[albatross-users] tamper-resistant authentication code
Eric S. Johansson
esj at harvee.org
Sat Sep 13 08:23:39 EST 2003
Tim Churches explained:
> I think this is a really excellent initiative. Earlier this year I
> pointed Dave and Andrew (of Object-Craft) at a Web app security
> checklist published by MIT (a different one, but I can't find the URL
> now). They indicated an intention to work through the checklist and
> close any remaining theoretical vulnerabilities in the various Albatross
> app models.
Unfortunately, I've run into a bit of a stumbling block. It turns out that
pwd.getpwnam won't work for beans on a Linux system with shadow passwords. I've
posted on the Python newsgroup about this problem but I suspect I'm facing
having to create a whole separate password database and management tool kit.
You have no idea how unhappy this makes me. On the other hand, I could be
forced to use sasl which is a nightmare and a half. I'm hoping the mythical
sasl3 will be a simplification but it's probably more like a tax code (i.e.
everything is added, nothing removed).
---eric