2009-02-17T00:00:00 * dreimark thinks about adding an underlay dir to extensions. So features can be described there
2009-02-17T03:04:05 *** moinBot` has joined #moin-dev
2009-02-17T03:04:51 *** moinBot has quit IRC
2009-02-17T03:44:18 *** moinBot has joined #moin-dev
2009-02-17T07:08:49 *** starGaming has quit IRC
2009-02-17T10:56:50 <dreimark> moin
2009-02-17T12:01:56 <ThomasWaldmann> moin
2009-02-17T12:02:21 <ThomasWaldmann> http basic auth done by moin works :)
2009-02-17T12:08:39 <TheSheep> \o/
2009-02-17T12:09:19 <ThomasWaldmann> i am just thinking about 2 options:
2009-02-17T12:09:55 <ThomasWaldmann> should there be an option for "shall moin emit 401 WWW-Authorize"?
2009-02-17T12:10:25 <ThomasWaldmann> should there be an option to enable login by invalid users?
2009-02-17T12:28:44 <dreimark> what is an invalid user there ?
2009-02-17T12:29:49 <TheSheep> dreimark: one that's not registered
2009-02-17T12:32:54 <dreimark> I think then it should not be possible otherwise you mix a welldefined auth with an undefined onw
2009-02-17T12:33:02 <dreimark> s/onw/one
2009-02-17T12:41:21 <ThomasWaldmann> for now, I'll just commit it without those options
2009-02-17T12:42:14 <dreimark> :)
2009-02-17T12:44:32 <ThomasWaldmann> the idea behind 1) was to have OPTIONAL http auth if somebody/something sends authorization headers without needing being asked for it
2009-02-17T12:44:49 <ThomasWaldmann> some of our old xmlrpc scripts worked like that
2009-02-17T12:45:02 <ThomasWaldmann> i don't know how rss feed readers supporting auth work
2009-02-17T12:46:07 <TheSheep> they just remember the password
2009-02-17T12:46:40 <ThomasWaldmann> and do they need to be asked via 401 header or do they just ever send authorization header?
2009-02-17T12:46:56 <TheSheep> ah, good question
2009-02-17T12:48:13 <ThomasWaldmann> the idea behind 2) was not to block completely for users without account and maybe even autocreate user profiles with the data they enter
2009-02-17T12:48:22 <ThomasWaldmann> so they would ad-hoc become valid users
2009-02-17T12:48:57 <ThomasWaldmann> that's similar to moin_login auth (everybody can become a valid user there, too, using the user creation form)
2009-02-17T12:49:12 <ThomasWaldmann> that doesn't mean he gets acl rights, though
2009-02-17T12:50:53 <ThomasWaldmann> otoh, we won't get the email of the user that way...
2009-02-17T12:54:14 <CIA-38> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4595:59728f08e040 1.9/MoinMoin/auth/http.py: HTTPAuthMoin: http basic auth done by moin
2009-02-17T13:08:08 <ThomasWaldmann> bbl
2009-02-17T16:32:31 *** coreyleong has joined #moin-dev
2009-02-17T16:55:21 <dreimark> bbl2
2009-02-17T17:47:10 *** xorAxAx has quit IRC
2009-02-17T17:47:52 *** xorAxAx has joined #moin-dev
2009-02-17T18:57:43 *** grzywacz has joined #moin-dev
2009-02-17T19:45:50 *** starGaming has joined #moin-dev
2009-02-17T20:10:49 <dreimark> http://www.sans.org/top25errors/
2009-02-17T20:12:58 <TheSheep> dreimark: the language of that text, and it's focus on who did it and what are the benefits, instead of what are the errors, is disturbing
2009-02-17T20:13:09 <TheSheep> s/it's/its
2009-02-17T20:13:34 <dreimark> see here scroll 60% downhttp://www.sans.org/top25errors/#s2
2009-02-17T20:16:05 <TheSheep> yes, I did, I just find the fact that they don't focus on it disturbing :)
2009-02-17T20:16:15 <TheSheep> like they are CEOs or something
2009-02-17T20:17:06 <dreimark> me too but seems they honor the people working for it
2009-02-17T20:18:34 * TheSheep honors the work
2009-02-17T20:21:48 <dreimark> :)
2009-02-17T20:33:04 <TheSheep> dreimark: especially when you contrast it with language used in the actual bug descriptions: Computers have a strange habit of doing what you say, not what you mean. Insufficient output encoding is the often-ignored sibling to poor input validation, but it is at the root of most injection-based attacks, which are all the rage these days...
2009-02-17T20:33:16 <ThomasWaldmann> that article could be significantly improved by stripping the top 50% blabla
2009-02-17T20:33:41 <TheSheep> ThomasWaldmann: then the ceos wouldn't read it
2009-02-17T20:38:40 <ThomasWaldmann> btw, what's "blabla" in english, polish, ...? :)
2009-02-17T20:38:58 <TheSheep> blabla
2009-02-17T20:39:03 <TheSheep> blah blah
2009-02-17T20:39:10 <TheSheep> ble ble
2009-02-17T20:39:19 <ThomasWaldmann> hehe
2009-02-17T20:39:32 <TheSheep> bełkot is the noun
2009-02-17T20:39:38 <TheSheep> blubbering
2009-02-17T20:42:06 <ThomasWaldmann> http://geekandpoke.typepad.com/ :)
2009-02-17T21:25:52 <ThomasWaldmann> btw, browser language detection is broken on mm 1.9
2009-02-17T22:33:14 <CIA-38> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4596:ea636cd71757 1.9/MoinMoin/auth/http.py: using public werkzeug api: rather use abort(x) than raise _ProxyException(x)
2009-02-17T23:11:48 <dreimark> currently the credits for mathtran is removed after the formular is saved as cache file. How can we solve that?
2009-02-17T23:35:41 *** coreyleong has quit IRC
2009-02-17T23:46:49 <CIA-38> Reimar Bauer <rb.proj AT googlemail DOT com> default * 360:f57de7994cf6 1.7-extensions/data/plugin/ (3 files in 2 dirs): mathtran, inline_latex, text_x_mathtran: fixed comments
MoinMoin: MoinMoinChat/Logs/moin-dev/2009-02-17 (last edited 2009-02-16 23:00:01 by IrcLogImporter)