Re: A Letter to the Authors of Web Authentication Libraries

2009-05-12 Thread Paul Johnston
Hi, > The what? Is this some place in Korea or Vietnam? Koh Phangan is one of the Southern islands in Thailand. I'm not going to Korea, but I should be in Vietnam within a couple of months. Read all about it - http://pajhome.org.uk/aboutme/blog/ Paul

Re: A Letter to the Authors of Web Authentication Libraries

2009-05-12 Thread Mike Orr
On Tue, May 12, 2009 at 2:42 AM, Paul Johnston wrote: > > BTW, the Full Moon Party on Koh Phangan is the most amazing party I > have ever been to in my life. The what? Is this some place in Korea or Vietnam? -- Mike Orr

Re: A Letter to the Authors of Web Authentication Libraries

2009-05-12 Thread Paul Johnston
Hi, Cool, really pleased we're all friends again. I haven't heard from James about AuthKit; I will contact him myself at some point. I'm going to add this to repoze.who first, mostly because that's the TG auth lib, and TG is my fave framework. To be honest, I don't know if there's much demand f

Re: A Letter to the Authors of Web Authentication Libraries

2009-05-10 Thread Ross Lawley
Hi, On Sun, May 10, 2009 at 12:27 PM, Paul Johnston wrote: > > Hi, > > > No need to be arrogant and insult people. "Your reply is line noise"? > > "Go to another site to find out why"? That really makes people trust > > what you have to say, not. > > Sorry for bringing mud to the list, I know

Re: A Letter to the Authors of Web Authentication Libraries

2009-05-10 Thread Iain Duncan
On Sun, 2009-05-10 at 11:28 -0700, Mike Orr wrote: > On Sun, May 10, 2009 at 4:27 AM, Paul Johnston wrote: > > Ben, I was thinking that adding this to AuthKit is the obvious choice. > > Neither AuthKit nor repoze.who are intrinsically part of Pylons, so > you want to direct your question to Jame

Re: A Letter to the Authors of Web Authentication Libraries

2009-05-10 Thread Mike Orr
On Sun, May 10, 2009 at 4:27 AM, Paul Johnston wrote: > Ben, I was thinking that adding this to AuthKit is the obvious choice. Neither AuthKit nor repoze.who are intrinsically part of Pylons, so you want to direct your question to James Gardner, the AuthKit maintainer, whom I'm cc'ing. Chris Mc

Re: A Letter to the Authors of Web Authentication Libraries

2009-05-10 Thread Mike Orr
On Sun, May 10, 2009 at 4:27 AM, Paul Johnston wrote: > > Hi, > >> No need to be arrogant and insult people.  "Your reply is line noise"? >>  "Go to another site to find out why"?  That really makes people trust >> what you have to say, not. > > Sorry for bringing mud to the list, I know it's not

Re: A Letter to the Authors of Web Authentication Libraries

2009-05-10 Thread Paul Johnston
Hi, > No need to be arrogant and insult people.  "Your reply is line noise"? >  "Go to another site to find out why"?  That really makes people trust > what you have to say, not. Sorry for bringing mud to the list, I know it's not the culture here to communicate like that. However, Ross' message

Re: A Letter to the Authors of Web Authentication Libraries

2009-05-09 Thread Mike Orr
On Sat, May 9, 2009 at 7:14 AM, Paul Johnston wrote: > > Ross, your reply is also line noise and if you read the site you'll > understand why. No need to be arrogant and insult people. "Your reply is line noise"? "Go to another site to find out why"? That really makes people trust what you ha

Re: A Letter to the Authors of Web Authentication Libraries

2009-05-09 Thread Ben Bangert
On May 9, 2009, at 8:40 AM, Ross Lawley wrote: It's not *just* noise, it's not the first time such conversations have come up and I'm yet to be convinced javascript can provide a solid solution. No one ever said it was fool-proof, it's an alternative to using SSL. I've never heard anyone pro

Re: A Letter to the Authors of Web Authentication Libraries

2009-05-09 Thread Ross Lawley
Paul, It's not *just* noise, it's not the first time such conversations have come up and I'm yet to be convinced javascript can provide a solid solution. As a user, can I log in without js and with js enabled? Certain devices might not have js enabled, do I have to cater for that as well purely on

Re: A Letter to the Authors of Web Authentication Libraries

2009-05-09 Thread Paul Johnston
Ross, your reply is also line noise and if you read the site you'll understand why.

Re: A Letter to the Authors of Web Authentication Libraries

2009-05-09 Thread Ross Lawley
Not sure I agree with this. Requiring javascript for login / authentication is crazy as it means those without js can't authenticate. If you allow both methods then you just increased the attack vector by 100%. Ross On Sat, May 9, 2009 at 7:28 AM, Paul Johnston wrote: > > Hi, > > Good

Re: A Letter to the Authors of Web Authentication Libraries

2009-05-08 Thread Paul Johnston
Hi, Good summary Ben. Mike - no worries for jumping the gun, about 50% of replies have been similar. I'm still learning how to tailor these communications to reduce line noise; any suggestions would be welcome. In fact, MD5 is fine for this use, the scheme doesn't rely on the collision resistanc

Re: A Letter to the Authors of Web Authentication Libraries

2009-05-05 Thread Mike Lewis
Oh that's interesting. My apologies for jumping the gun. (like I said, I'm not really a security person) On May 4, 11:49 pm, Ben Bangert wrote: > On May 4, 2009, at 4:48 PM, Mike Lewis wrote: > > > Having passwords encrypted in MD5 sent in plaintext is probably almost > > worse than just sendin

Re: A Letter to the Authors of Web Authentication Libraries

2009-05-04 Thread Ben Bangert
On May 4, 2009, at 4:48 PM, Mike Lewis wrote: Having passwords encrypted in MD5 sent in plaintext is probably almost worse than just sending them in plaintext. I was about to say something similar, until I read more about Paul's scheme. :) Paul is using a hand-shake method whereby the pass

Re: A Letter to the Authors of Web Authentication Libraries

2009-05-04 Thread Mike Lewis
Hi Paul, Having passwords encrypted in MD5 sent in plaintext is probably almost worse than just sending them in plaintext. MD5 has been considered insecure for quite a while now. It's very easy to crack. [1] The reason I suggest it's worse is because it gives a false sense of security. Also, th

A Letter to the Authors of Web Authentication Libraries

2009-05-02 Thread Paul Johnston
Hi, Many web sites have a user name and password login system, and do not use SSL. As a consequence, users' passwords are transmitted over the internet unencrypted. This puts them at risk, particularly if the user is on a shared ethernet segment, or open wireless network. For many years I have p