2006-03-25T00:05:19 <xorAxAx> starshine: i want to enable it again
2006-03-25T00:05:31 <xorAxAx> starshine: there is no point in disallowing that currently
2006-03-25T00:05:45 <xorAxAx> besides the "password in url is bad" thing
2006-03-25T00:05:56 <starshine> the presumption is that knowing a funky id number is sufficiently like knowing a password?
2006-03-25T00:06:27 <starshine> couldn't someone just steal a login then by generating GET urls that look like one til one hits?
2006-03-25T00:06:43 <xorAxAx> starshine: its not a presumption, it is a fact, by design
2006-03-25T00:07:09 <starshine> .o( mind you such brute forcing should be detectable, and nobody's complained about such malicious goings on in the years it's been like this.
2006-03-25T00:07:20 <xorAxAx> starshine: brute forcing can happen without that as well
2006-03-25T00:07:29 <xorAxAx> then you just have to put it into the cookie header
2006-03-25T00:07:45 <starshine> ah.
2006-03-25T00:08:10 <starshine> in that case GET should honor the same fields as a cookie, and at the end those should go to the same method ?
2006-03-25T00:08:39 <starshine> we can presume they're equally (in)secure
2006-03-25T00:08:58 <xorAxAx> we are speaking about the UID and it doesnt need to be the cookie handler but the place where the code was before
2006-03-25T00:09:00 <starshine> either people know/have been given these constructs, or they've gone to a lot of trouble to figure them out.
2006-03-25T00:09:14 <starshine> ok fair enough
2006-03-25T00:09:33 <starshine> e.g. to let people back in when they lost their pw ?
2006-03-25T00:10:14 <xorAxAx> no, mainly in order to have a one-click authentication
2006-03-25T00:10:37 <xorAxAx> like jürgen hermann designed this gift of usability strength and wisdom
2006-03-25T00:13:59 <starshine> ahhh
2006-03-25T00:21:26 <xorAxAx> ThomasWaldmann: how do you think about joining http://wiki.debian.org/DebianEdu/DevCamp2006?
2006-03-25T00:21:50 <xorAxAx> ThomasWaldmann: it is quite next to europython - time-wise
2006-03-25T11:10:36 <xorAxAx> ThomasWaldmann: we should switch to this licensing system - http://www.librelogiciel.com/software/PyKota/Download/action_Download :))
2006-03-25T11:10:50 <xorAxAx> or releasing system
2006-03-25T11:15:39 <ThomasWaldmann> i think this just would get people to rather use some outdated debian packages
2006-03-25T11:19:13 <xorAxAx> you would not have to package anything again officially :)
2006-03-25T11:20:28 <ThomasWaldmann> http://www.librelogiciel.com/software/punishment/action_Presentation
2006-03-25T11:23:03 <xorAxAx> ThomasWaldmann: ASP, closed source
2006-03-25T11:33:37 <ThomasWaldmann> did you try mmde with latest code?
2006-03-25T11:38:31 <xorAxAx> no
2006-03-25T11:38:54 <xorAxAx> currently listening to the mandriva-till
2006-03-25T13:40:17 <ThomasWaldmann> what's that?
2006-03-25T13:45:32 <xorAxAx> even google knows him
2006-03-25T14:03:36 <ThomasWaldmann> till@mandriva.com?
2006-03-25T14:04:12 <ThomasWaldmann> does he sing or give interviews? :)
2006-03-25T14:25:03 * ThomasWaldmann puts a "meta" file into data_dir holding data_format_revision: 01050300
2006-03-25T14:27:55 <xorAxAx> ThomasWaldmann: very nice
2006-03-25T16:24:21 * ThomasWaldmann makes mig stuff plugins
2006-03-25T21:05:46 <dreimark> moin
2006-03-25T21:07:38 <dreimark> xorAxAx: FeatureRequests/SubscribeUser with patch added
MoinMoin: MoinMoinChat/Logs/moin-dev/2006-03-25 (last edited 2007-10-29 19:09:07 by localhost)