authentication for hackage uploads

David House dmhouse at gmail.com
Thu Jan 4 15:54:36 EST 2007


On 04/01/07, Ross Paterson <ross at soi.city.ac.uk> wrote:
> Authentication would only happen when you upload a package.
> Do you have an alternative suggestion?

The normal authentication methods for web applications. Store a
database of (username, password) pairs. A user becomes logged in by
setting two cookies, one to indicate their username and one to
indicate their password (or often the MD5 hash of their password). To
authenticate a user, you check that these cookies are present, that
the value of the username cookie appears in the database and that the
password cookie matches the corresponding password pulled from the
database.

I'm not actually that familiar with HTTP Auth itself, just with Trac.
But if you want to save frequent contributors tearing their hear out,
at least consider this. :)

-- 
-David House, dmhouse at gmail.com


More information about the Libraries mailing list