Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #24829
| References | (1 earlier) <6c39594f-79cb-4d4f-967e-bbc3f68cdbdf@f8g2000pbf.googlegroups.com> <4fed59b7$0$29978$c3e8da3$5496439d@news.astraweb.com> <mailman.1631.1340982202.4697.python-list@python.org> <EaAHr.369967$of1.132220@fx06.am4> <CAH8GtdMUdrpK=O5fXSBs1Xn8CmA4qZiCqN8+PJ=CZnv8jJCYUg@mail.gmail.com> |
|---|---|
| From | Ian Kelly <ian.g.kelly@gmail.com> |
| Date | 2012-07-03 12:19 -0600 |
| Subject | Re: code review |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.1754.1341339597.4697.python-list@python.org> (permalink) |
On Tue, Jul 3, 2012 at 11:53 AM, Kushal Kumaran <kushal.kumaran+python@gmail.com> wrote: > On Sat, Jun 30, 2012 at 3:34 PM, Alister <alister.ware@ntlworld.com> wrote: >> On Fri, 29 Jun 2012 09:03:22 -0600, Littlefield, Tyler wrote: >> >>> On 6/29/2012 1:31 AM, Steven D'Aprano wrote: >>>> On Thu, 28 Jun 2012 20:58:15 -0700, alex23 wrote: >>>> >>>>> On Jun 29, 12:57 pm, "Littlefield, Tyler" <ty...@tysdomain.com> wrote: >>>>>> I was curious if someone wouldn't mind poking at some code. The >>>>>> project page is at:http://code.google.com/p/pymud Any information is >>>>>> greatly appreciated. >>>>> I couldn't find any actual code at that site, the git repository is >>>>> currently empty. >>> >>> OOPS, sorry. Apparently I'm not as good with git as I thought. >>> Everything's in the repo now. >> >> I think I may be on firmer grounds with the next few: >> >> isValidPassword can be simplified to >> >> def isValidPassword(password: >> count=len(password) >> return count>= mud.minpass and count<= mud.maxpass >> > > I haven't actually seen the rest of the code, but I would like to > point out that applications placing maximum length limits on passwords > are extremely annoying. They're annoying when the maximum length is unreasonably small, but you have to have a maximum length to close off one DoS attack vector. Without a limit, if a "user" presents a 1 GB password, then guess what? Your system has to hash that GB of data before it can reject it. And if you're serious about security then it will be a cryptographic hash, and that means slow. To prevent that, the system needs to reject outright password attempts that are longer than some predetermined reasonable length, and if the system won't authenticate those passwords, then it can't allow the user to set them either. Cheers, Ian
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
code review "Littlefield, Tyler" <tyler@tysdomain.com> - 2012-06-28 20:57 -0600
Re: code review alex23 <wuwei23@gmail.com> - 2012-06-28 20:58 -0700
Re: code review Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-06-29 07:31 +0000
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-06-29 17:42 +1000
Re: code review "Littlefield, Tyler" <tyler@tysdomain.com> - 2012-06-29 09:03 -0600
Re: code review Alister <alister.ware@ntlworld.com> - 2012-06-29 19:41 +0000
Re: code review MRAB <python@mrabarnett.plus.com> - 2012-06-29 21:09 +0100
Re: code review "Martin P. Hellwig" <martin.hellwig@gmail.com> - 2012-06-29 13:27 -0700
Re: code review Alister <alister.ware@ntlworld.com> - 2012-06-29 20:43 +0000
Re: code review Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2012-06-29 19:02 -0400
Re: code review Terry Reedy <tjreedy@udel.edu> - 2012-06-29 23:02 -0400
Re: code review "Littlefield, Tyler" <tyler@tysdomain.com> - 2012-06-29 14:49 -0600
Re: code review Alister <alister.ware@ntlworld.com> - 2012-06-30 09:31 +0000
Re: code review Alister <alister.ware@ntlworld.com> - 2012-06-30 09:36 +0000
Re: code review Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-06-30 02:28 +0000
Re: code review Alister <alister.ware@ntlworld.com> - 2012-06-30 09:22 +0000
Re: code review Terry Reedy <tjreedy@udel.edu> - 2012-06-29 23:00 -0400
Re: code review Alister <alister.ware@ntlworld.com> - 2012-06-30 10:04 +0000
Re: code review Peter Otten <__peter__@web.de> - 2012-06-30 12:29 +0200
Re: code review Thomas 'PointedEars' Lahn <PointedEars@web.de> - 2012-06-30 20:39 +0200
Re: code review Thomas Jollans <t@jollybox.de> - 2012-06-30 21:38 +0200
Re: code review Alister <alister.ware@ntlworld.com> - 2012-06-30 20:30 +0000
Re: code review Thomas Jollans <t@jollybox.de> - 2012-06-30 22:50 +0200
Re: code review Alain Ketterlin <alain@dpt-info.u-strasbg.fr> - 2012-06-30 23:07 +0200
Re: code review Thomas Jollans <t@jollybox.de> - 2012-06-30 23:35 +0200
Re: code review Terry Reedy <tjreedy@udel.edu> - 2012-06-30 17:47 -0400
Re: code review Thomas Jollans <t@jollybox.de> - 2012-07-01 00:05 +0200
Re: code review Alain Ketterlin <alain@dpt-info.u-strasbg.fr> - 2012-07-01 01:03 +0200
Re: code review Ben Finney <ben+python@benfinney.id.au> - 2012-07-01 10:08 +1000
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-01 10:37 +1000
Re: code review Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-07-01 03:23 +0000
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-01 13:48 +1000
Re: code review Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-07-01 06:54 +0000
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-01 16:59 +1000
Re: code review Terry Reedy <tjreedy@udel.edu> - 2012-07-01 05:55 -0400
Re: code review Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-07-02 01:26 +0000
Re: code review Albert van der Horst <albert@spenarnc.xs4all.nl> - 2012-07-13 12:30 +0000
Re: code review Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-07-13 15:04 +0000
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-14 01:36 +1000
Re: code review rusi <rustompmody@gmail.com> - 2012-07-13 09:24 -0700
Re: code review Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2012-07-13 16:39 -0400
Re: code review Duncan Booth <duncan.booth@invalid.invalid> - 2012-07-16 10:43 +0000
Re: code review Ben Finney <ben+python@benfinney.id.au> - 2012-07-16 21:34 +1000
Re: code review Albert van der Horst <albert@spenarnc.xs4all.nl> - 2012-07-17 10:54 +0000
Re: code review Terry Reedy <tjreedy@udel.edu> - 2012-07-13 19:09 -0400
Re: code review Ian Kelly <ian.g.kelly@gmail.com> - 2012-07-14 03:26 -0600
Re: code review Terry Reedy <tjreedy@udel.edu> - 2012-07-14 16:42 -0400
Re: code review rusi <rustompmody@gmail.com> - 2012-06-30 21:07 -0700
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-01 14:20 +1000
Re: code review Ben Finney <ben+python@benfinney.id.au> - 2012-07-01 17:28 +1000
Re: code review Thomas Jollans <t@jollybox.de> - 2012-07-01 09:46 +0200
Re: code review HoneyMonster <nobody@someplace.invalid> - 2012-07-01 20:53 +0000
Re: code review Devin Jeanpierre <jeanpierreda@gmail.com> - 2012-07-01 05:18 -0400
Re: code review Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-07-02 00:41 +0000
Re: code review Devin Jeanpierre <jeanpierreda@gmail.com> - 2012-07-01 21:40 -0400
Re: code review Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2012-07-01 13:41 -0400
Re: code review John O'Hagan <research@johnohagan.com> - 2012-07-02 14:43 +1000
Re: Re: code review Evan Driscoll <driscoll@cs.wisc.edu> - 2012-06-30 23:45 -0500
Re: Re: code review Thomas 'PointedEars' Lahn <PointedEars@web.de> - 2012-07-01 08:57 +0200
Re: code review Alister <alister.ware@ntlworld.com> - 2012-07-01 09:54 +0000
Re: Re: code review Evan Driscoll <driscoll@cs.wisc.edu> - 2012-07-01 10:48 -0500
Re: Re: code review lars van gemerden <lars@rational-it.com> - 2012-07-06 04:22 -0700
Re: Re: code review lars van gemerden <lars@rational-it.com> - 2012-07-06 04:22 -0700
Re: code review Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-07-06 13:58 +0000
Re: code review Roy Smith <roy@panix.com> - 2012-07-13 08:32 -0700
Re: code review Evan Driscoll <driscoll@cs.wisc.edu> - 2012-06-30 23:57 -0500
Re: code review Thomas 'PointedEars' Lahn <PointedEars@web.de> - 2012-07-01 09:04 +0200
Re: code review Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-07-01 02:06 +0000
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-01 12:20 +1000
Re: code review Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-07-01 04:17 +0000
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-01 14:23 +1000
Re: code review Steven D'Aprano <steve+usenet@pearwood.info> - 2012-07-01 06:27 +0000
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-01 16:33 +1000
Re: code review Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-07-02 01:28 +0000
Re: code review Devin Jeanpierre <jeanpierreda@gmail.com> - 2012-07-01 21:50 -0400
Re: code review Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-07-02 07:29 +0000
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-02 12:04 +1000
Re: code review Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-07-02 08:11 +0000
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-02 18:20 +1000
Re: code review Rick Johnson <rantingrickjohnson@gmail.com> - 2012-07-02 08:57 -0700
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-03 02:42 +1000
Re: code review Rick Johnson <rantingrickjohnson@gmail.com> - 2012-07-02 11:22 -0700
Re: code review Thomas Jollans <t@jollybox.de> - 2012-07-02 21:06 +0200
Re: code review Rick Johnson <rantingrickjohnson@gmail.com> - 2012-07-02 12:35 -0700
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-03 07:57 +1000
Re: code review Neil Cerutti <neilc@norwich.edu> - 2012-07-03 12:19 +0000
Re: code review Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2012-07-02 01:20 -0400
Re: code review Thomas Jollans <t@jollybox.de> - 2012-07-02 16:41 +0200
Re: code review Terry Reedy <tjreedy@udel.edu> - 2012-07-02 11:33 -0400
Re: code review Thomas Jollans <t@jollybox.de> - 2012-07-01 09:35 +0200
Re: code review Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-07-02 00:43 +0000
Re: code review Thomas Jollans <t@jollybox.de> - 2012-07-02 16:26 +0200
Re: code review Rick Johnson <rantingrickjohnson@gmail.com> - 2012-07-02 08:16 -0700
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-03 02:55 +1000
Re: code review Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-07-03 00:57 +0000
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-03 11:22 +1000
Re: code review John O'Hagan <research@johnohagan.com> - 2012-07-03 12:25 +1000
Re: code review Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-07-03 04:11 +0000
Re: code review Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2012-07-03 02:09 -0400
Re: code review Roy Smith <roy@panix.com> - 2012-07-03 08:33 -0400
Re: code review Mark Lawrence <breamoreboy@yahoo.co.uk> - 2012-07-03 16:53 +0100
Re: code review Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2012-07-03 17:32 -0400
Re: code review rusi <rustompmody@gmail.com> - 2012-07-02 22:10 -0700
Re: code review Ben Finney <ben+python@benfinney.id.au> - 2012-07-03 15:46 +1000
Re: code review John O'Hagan <research@johnohagan.com> - 2012-07-04 00:59 +1000
Re: code review Mark Lawrence <breamoreboy@yahoo.co.uk> - 2012-07-03 16:50 +0100
Re: code review Paul Rudin <paul.nospam@rudin.co.uk> - 2012-07-04 10:29 +0100
Re: code review Mark Lawrence <breamoreboy@yahoo.co.uk> - 2012-07-04 17:25 +0100
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-04 01:53 +1000
Re: code review Mark Lawrence <breamoreboy@yahoo.co.uk> - 2012-07-03 17:05 +0100
Re: code review Dave Angel <d@davea.name> - 2012-07-03 16:13 -0400
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-04 07:54 +1000
Re: code review Mark Lawrence <breamoreboy@yahoo.co.uk> - 2012-07-04 09:28 +0100
Re: code review rusi <rustompmody@gmail.com> - 2012-06-30 19:37 -0700
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-01 09:25 +1000
Re: code review Thomas Jollans <t@jollybox.de> - 2012-07-01 01:50 +0200
Re: code review "Martin P. Hellwig" <martin.hellwig@gmail.com> - 2012-06-30 14:48 -0700
Re: code review Ian Kelly <ian.g.kelly@gmail.com> - 2012-07-02 13:16 -0600
Re: code review Alister <alister.ware@ntlworld.com> - 2012-06-30 20:25 +0000
Re: code review Kushal Kumaran <kushal.kumaran+python@gmail.com> - 2012-07-03 23:23 +0530
Re: code review John Gordon <gordon@panix.com> - 2012-07-03 18:18 +0000
Re: code review Ian Kelly <ian.g.kelly@gmail.com> - 2012-07-03 12:27 -0600
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-04 07:51 +1000
Re: code review Ian Kelly <ian.g.kelly@gmail.com> - 2012-07-03 12:19 -0600
Re: code review kushal.kumaran+python@gmail.com - 2012-07-04 08:27 +0530
Re: code review Chris Angelico <rosuav@gmail.com> - 2012-07-04 13:53 +1000
Re: code review Simon Cropper <simoncropper@fossworkflowguides.com> - 2012-07-04 14:55 +1000
Re: code review "Littlefield, Tyler" <tyler@tysdomain.com> - 2012-07-03 23:39 -0600
Re: code review alex23 <wuwei23@gmail.com> - 2012-07-03 23:17 -0700
Re: code review rusi <rustompmody@gmail.com> - 2012-07-04 00:05 -0700
Apology for OT posts (was: code review) John O'Hagan <research@johnohagan.com> - 2012-07-06 12:06 +1000
Re: Apology for OT posts Simon Cropper <simoncropper@fossworkflowguides.com> - 2012-07-06 15:30 +1000
Re: Apology for OT posts Chris Angelico <rosuav@gmail.com> - 2012-07-06 17:45 +1000
Re: Apology for OT posts Mark Lawrence <breamoreboy@yahoo.co.uk> - 2012-07-06 10:37 +0100
csiph-web