| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Greg Stark <stark(at)mit(dot)edu>, "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, Dave Page <dpage(at)pgadmin(dot)org>, PostgreSQL WWW <pgsql-www(at)postgresql(dot)org> |
| Subject: | Re: Google signin |
| Date: | 2017-08-15 18:26:34 |
| Message-ID: | 9AE33E9B-A024-4113-98A0-7F395E2A917E@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
> On 15 Aug 2017, at 12:18, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>
> Here's an updated patch
In the below hunk, s/decicated/dedicated/:
+a decicated account, or use one of the third party sign-in systems below.
Without being terribly well versed in Django (or Python), the logic seems quite
reasonable to me on a read through/review.
> that does this. It will try in order:
> <firstname><lastinitial>, e.g. stephenf
> <firstinitial><lasdtname>,e.g. sfrost
> <firstname><lastinitial><number>, e.g. stephenf0, stephenf1, stephenf2 etc
How about a random number instead? Not that I see any immediate risk with
anything here, but many years of looking at logs from web attacks has taught me
that predictability is what is being tried first.
A big +1 on getting this functionality in.
cheers ./daniel
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2017-08-15 20:22:41 | Re: Google signin |
| Previous Message | Stephen Frost | 2017-08-15 16:02:40 | Re: Google signin |