2006-03-25T00:05:19  <xorAxAx> starshine: i want to enable it again
2006-03-25T00:05:31  <xorAxAx> starshine: there is no point in disallowing that currently
2006-03-25T00:05:45  <xorAxAx> besides the "password in url is bad" thing
2006-03-25T00:05:56  <starshine> the presumption is that knowing a funky id number is sufficiently like knowing a password?
2006-03-25T00:06:27  <starshine> couldn't someone just steal a login then by generating GET urls that look like one til one hits?
2006-03-25T00:06:43  <xorAxAx> starshine: it's not a presumption, it is a fact, by design
2006-03-25T00:07:09  <starshine> .o( mind you such brute forcing should be detectable, and nobody's complained about such malicious goings on in the years it's been like this.
2006-03-25T00:07:20  <xorAxAx> starshine: brute forcing can happen without that as well
2006-03-25T00:07:29  <xorAxAx> then you just have to put it into the cookie header
2006-03-25T00:07:45  <starshine> ah.
2006-03-25T00:08:10  <starshine> in that case GET should honor the same fields as a cookie, and at the end those should go to the same method ?
2006-03-25T00:08:39  <starshine> we can presume they're equally (in)secure
2006-03-25T00:08:58  <xorAxAx> we are speaking about the UID and it doesn't need to be the cookie handler but the place where the code was before
2006-03-25T00:09:00  <starshine> either people know/have been given these constructs, or they've gone to a lot of trouble to figure them out.
2006-03-25T00:09:14  <starshine> ok fair enough
2006-03-25T00:09:33  <starshine> e.g. to let people back in when they lost their pw ?
2006-03-25T00:10:14  <xorAxAx> no, mainly in order to have a one-click authentication
2006-03-25T00:10:37  <xorAxAx> like jürgen hermann designed this gift of usability strength and wisdom
2006-03-25T00:13:59  <starshine> ahhh
2006-03-25T00:21:26  <xorAxAx> ThomasWaldmann: what do you think about joining http://wiki.debian.org/DebianEdu/DevCamp2006?
2006-03-25T00:21:50  <xorAxAx> ThomasWaldmann: it is quite next to europython - time-wise
2006-03-25T11:10:36  <xorAxAx> ThomasWaldmann: we should switch to this licensing system - http://www.librelogiciel.com/software/PyKota/Download/action_Download :))
2006-03-25T11:10:50  <xorAxAx> or releasing system
2006-03-25T11:15:39  <ThomasWaldmann> i think this just would get people to rather use some outdated debian packages
2006-03-25T11:19:13  <xorAxAx> you would not have to package anything again officially :)
2006-03-25T11:20:28  <ThomasWaldmann> http://www.librelogiciel.com/software/punishment/action_Presentation
2006-03-25T11:23:03  <xorAxAx> ThomasWaldmann: ASP, closed source
2006-03-25T11:33:37  <ThomasWaldmann> did you try mmde with latest code?
2006-03-25T11:38:31  <xorAxAx> no
2006-03-25T11:38:54  <xorAxAx> currently listening to the mandriva-till
2006-03-25T13:40:17  <ThomasWaldmann> what's that?
2006-03-25T13:45:32  <xorAxAx> even google knows him
2006-03-25T14:03:36  <ThomasWaldmann> till@mandriva.com?
2006-03-25T14:04:12  <ThomasWaldmann> does he sing or give interviews? :)
2006-03-25T14:25:03  * ThomasWaldmann puts a "meta" file into data_dir holding data_format_revision: 01050300
2006-03-25T14:27:55  <xorAxAx> ThomasWaldmann: very nice
2006-03-25T16:24:21  * ThomasWaldmann makes mig stuff plugins
2006-03-25T21:05:46  <dreimark> moin
2006-03-25T21:07:38  <dreimark> xorAxAx: FeatureRequests/SubscribeUser with patch added

MoinMoin: MoinMoinChat/Logs/moin-dev/2006-03-25 (last edited 2007-10-29 19:09:07 by localhost)