| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2013-04-24 | If needed instead of an elif. | Tom Galloway | |
| 2013-04-23 | Merged with James's upstream. | Nick Daly | |
| Hope I did it right. If I screwed up, withsqlite is borked. | |||
| 2013-03-23 | Unify authentication errors. | Nick Daly | |
| Give the same error if the username doesn't exist or if the password is wrong. If we deliver separate errors, we tell the attacker whether they've picked a valid password or not. Also, if username doesn't exist, hash the password anyway to avoid this timing side-channel attack: 1. Invalid Username: A. User tries to log in with invalid username. B. User name is not found in database. C. Password is never hashed. 2. Invalid Password: A. User tries to log in with valid username. B. User name is found in database. C. Password is hashed. Given that proper password hashing will take a minute, *not* hashing the password takes so much less time that we've effectively indicated to the attacker that the username didn't exist, regardless of the error message. This way, no such error occurs. | |||
| 2013-01-22 | Add User & Delete User now works correctly. | Tom Galloway | |
| 2013-01-21 | Changes to get user management screens started. Updated UserStore to add all ↵ | Tom Galloway | |
| expected functions. Added tests for these functions. | |||
| 2013-01-16 | withsqlite is now retrieved from github. Manage User & Groups pages now ↵ | Tom Galloway | |
| display correctly but don't do anything yet. | |||
| 2013-01-10 | Fix to allow hostname to be updated on Ubuntu. This needed a change to ↵ | Tom Galloway | |
| exmachina which I've created a pull request for. I've updated Make to point to my fork of exmachina until this has been merged, when it can be reverted. | |||
| 2012-07-26 | use exmachina to configure timezone | bnewbold | |
| 2012-07-12 | integrate exmachina configuration management layer | bnewbold | |
| - add exmachina code and test code - modify plinth.py to listen for shared secret on stdin at start (if appropriate flag is set) and try to connect to exmachina daemon - use exmachina to read and set /etc/hostname as a demo - update plinth init.d script to start exmachina and share keys - update docs with new deps and run instructions | |||
| 2012-03-12 | fixes to boostrap, new icons, mobile view works | Sean O'Brien | |
| 2012-03-12 | new template based upon bootstrap | Sean O'Brien | |
| 2012-02-19 | unlink santiago | James Vasile | |
| 2012-02-19 | flesh out santiago and apache config a bit | James Vasile | |
| 2012-02-19 | enable santiago | James Vasile | |
| 2012-02-19 | starting santiago | James Vasile | |
| 2012-02-19 | add order to privacy page plugin | James Vasile | |
| 2012-02-19 | complete the transition to sqlite | James Vasile | |
| 2012-02-19 | autocommit | James Vasile | |
| 2012-02-19 | add TODO: at exit, commit db | James Vasile | |
| 2012-02-19 | move to sqlite3 + json dict storage for users | James Vasile | |
| 2011-09-29 | remove references to design blathering | James Vasile | |
| 2011-03-09 | Makefile generates cherrpy.config | James Vasile | |
| 2011-03-09 | load router before router/info | James Vasile | |
| 2011-02-22 | ... | James Vasile | |
 |
index : plinth/plinth.git | |
| Unnamed repository; edit this file 'description' to name the repository. | Tzafrir Cohen |
| summaryrefslogtreecommitdiff |