[Cubicweb] Pyro and ZMQ deprecated?

Yann Cointepas yann at cointepas.net
Wed Mar 5 23:41:51 CET 2014


Hi,

I rapidly browse the sources of signedrequest and, if I understand well,
there is a secret token that have to be shared between the user and the
server.

Can this secret token be compared to a kind of second password to use only
in the context of signedrequest ? If yes, does it mean that a user who want
to access to an instance via both a web interface and a script based on
signedrequest/rqlcontroller will have to manage a password and a secret
token ?

How would you recommend to manage the secret token of a user (who creates
it ? how it is exchanged between user and server ?) ?

      Yann
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cubicweb.org/pipermail/cubicweb/attachments/20140305/1c921533/attachment-0050.html>


More information about the Cubicweb mailing list