[Cubicweb] Pyro and ZMQ deprecated?

Julien Cristau julien.cristau at logilab.fr
Thu Mar 6 14:43:22 CET 2014


On Thu, Mar  6, 2014 at 14:29:13 +0100, Yann Cointepas wrote:

> But, according to previous posts, I understood that
> signedrequest/rqlcontroller may evolve to become a replacement of Pyro/ZMQ.
> It means that it is necessary to find a way to make it usable for real
> users via an API like cubicweb.dbapi. Otherwise it would be the end of this
> API.
> 
cubicweb.dbapi is indeed on the way out.  The replacement of its remote
capabilities by signedrequest/rqlcontroller using a http(s) transport
doesn't mean the old APIs will be kept.  (That is all kind of up in the
air, though, and will depend on what is actually needed by the users of
this functionality...)

> I think it should not be too hard to generate a secret token from a
> password. For each CWUser, such a token could be kept updated with the
> password on the server via hooks. The dbapi could, given the password,
> generate the same secret token (the contrary must be very difficult and
> time consuming) to use for identification. All this system could be in a
> specific cube named cubicweb-enableconnectionviadbapiusinghttporhttps (some
> people may prefer a shorter name) that would depend on signedrequest and
> rqlcontroller.

The signedrequest tokens should very much be kept separate from user
passwords, IMO.

Cheers,
Julien
-- 
Julien Cristau          <julien.cristau at logilab.fr>
Logilab		        http://www.logilab.fr/
Informatique scientifique & gestion de connaissances



More information about the Cubicweb mailing list