Subject: Developers of Sympa
List archive
- From: Serge Aumont <address@concealed>
- To: address@concealed
- Subject: [sympa-dev] New authentication mecanism in Sympa"
- Date: Tue, 17 Jun 2008 16:27:01 +0200
Hi Sympa guys
The next major version of Sympa will be version 6.0. We plan to include some significant changes in it, that's why we gave up the idea of Sympa 5.5. We should add significant pieces of code during the summer and make it a stable version by the end of 2008 hopefuly. We've already done some work on this code branch :
Latest work : email challenge now includes a URL using a random ticket. These URLs can be used to create authenticated Sympa session to the appropriate sympa context without requiring users to login with their email and password. It is used for example when notifying a list owner that a message or a subscription request is pending. Tickets expire after a few days and can used only ones. Tickets are also used for "first login" and the "password lost" processes : password are stored as finger prints to remove the security issue of password reminder. You can test it on http://demo.sympa.org/sympa ; you will see that now passwords can't be reminded anymore, but reset instead.
Internal documentation about one_time_ticket : http://www.sympa.org/internals/internals-auth
We'll try to keep you informed of new developments more regularly and we hope to get some feedback from you.
Serge Aumont
-
[sympa-dev] New authentication mecanism in Sympa",
Serge Aumont, 06/17/2008
- Re: [sympa-dev] New authentication mecanism in Sympa", Adam Bernstein, 06/20/2008
Archive powered by MHonArc 2.6.19+.