Login or Register to Ask a Question and Join Our Community

linux operating commands and unix operating commands

BSIMM2

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
# 1  
Old 05-13-2010
BSIMM2
A considerable change from the first Build Security In Maturity Model.  Version 2 has more structure, but I'm not sure that the two-dimensional model adds much.  It still isn't a "maturity" model as such.  Still, anything that gets more app dev security advice out there ...

Image
Image

More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

jifty::plugin::authentication::password::mixin::model::user

Jifty::Plugin::Authentication::Password::Mixin::Model::UUser3Contributed Perl DocuJifty::Plugin::Authentication::Password::Mixin::Model::User(3pm)

NAME

       Jifty::Plugin::Authentication::Password::Mixin::Model::User - password plugin user mixin model

SYNOPSIS

	 package MyApp::Model::User;
	 use Jifty::DBI::Schema;
	 use MyApp::Record schema {
	     # custom column definitions
	 };

	 use Jifty::Plugin::User::Mixin::Model::User; # name, email, email_confirmed
	 use Jifty::Plugin::Authentication::Password::Mixin::Model::User;
	 # ^^ password, auth_token

DESCRIPTION

       This mixin model is added to the application's account model for use with the password authentication plugin. This mixin should be used in
       combination with Jifty::Plugin::User::Mixin::Model::User.

SCHEMA

       This mixin adds the following columns to the model schema:

   auth_token
       This is a unique identifier used when confirming a user's email account and recovering a lost password.

   password
       This is the user's password. It will be stored in the database after being processed through Digest::MD5, so the password cannot be
       directly recovered from the database.

METHODS

   register_triggers
       Adds the triggers to the model this mixin is added to.

   password_is PASSWORD
       Checks if the user's password matches the provided PASSWORD.

   hashed_password_is HASH TOKEN
       Check if the given HASH is the result of hashing our (already salted and hashed) password with TOKEN.

       This can be used in cases where the pre-hashed password is sent during login as an additional security precaution (such as could be done
       via Javascript).

   validate_password
       Makes sure that the password is six characters long or longer, unless we have alternative means to authenticate.

   after_create
       This trigger is added to the account model. It automatically sends a notification email to the user for password confirmation.

       See Jifty::Plugin::Authentication::Password::Notification::ConfirmEmail.

   has_alternative_auth
       If your model supports other means of authentication, you should have this method return true, so the "password" field can optionally be
       null and authentication with password is disabled in that case.

   after_set_password
       Regenerate authentication tokens on password change

   regenerate_auth_token
       Generate a new auth_token for this user. This will invalidate any existing feed URLs.

SEE ALSO

       Jifty::Plugin::Authentication::Password, Jifty::Plugin::User::Mixin::Model

LICENSE

       Jifty is Copyright 2005-2010 Best Practical Solutions, LLC.  Jifty is distributed under the same terms as Perl itself.

perl v5.14.2							    2010-12-10	  Jifty::Plugin::Authentication::Password::Mixin::Model::User(3pm)