Use session to store user validation #8

krukowski · 2013-09-05T18:46:34Z

Passing the user param to the verify_computer view through a url param was a security hole.

Use session to store user validation

Bouke · 2013-09-05T21:13:44Z

Looks good, thanks for contributing!

Bouke · 2013-09-05T22:59:05Z

@mkruk45 What made you choose django-two-factor auth over the package django-otp, which is more feature-complete?

krukowski · 2013-09-06T02:48:50Z

I simply hadn't found that package. Also, after looking it over a bit, it doesn't seem to provide an easy way to switch an existing app over to a system which enables users to make two-factor verification necessary to authenticate at all. It appears that for django-otp, verification is completely separate from authentication, so that use-case isn't very easily supported.

Matt Krukowski added 2 commits September 4, 2013 16:34

Increase seed length in database to fit default

bec987c

Use sessions to store user validation

6818313

krukowski mentioned this pull request Sep 5, 2013

Sending login authorization in url params is a security hole #7

Closed

Bouke added a commit that referenced this pull request Sep 5, 2013

Merge pull request #8 from chartbeat/develop

d8496f2

Use session to store user validation

Bouke merged commit d8496f2 into jazzband:develop Sep 5, 2013

roffel added a commit to peperzaken/django-two-factor-auth that referenced this pull request Jul 3, 2018

jazzband#8 wait for it

048fe05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use session to store user validation #8

Use session to store user validation #8

krukowski commented Sep 5, 2013

Bouke commented Sep 5, 2013

Bouke commented Sep 5, 2013

krukowski commented Sep 6, 2013

Use session to store user validation #8

Use session to store user validation #8

Conversation

krukowski commented Sep 5, 2013

Bouke commented Sep 5, 2013

Bouke commented Sep 5, 2013

krukowski commented Sep 6, 2013