[ic] For review - new Strap template for Interchange 5

Stefan Hornburg (Racke) racke at linuxia.de
Sun Oct 18 12:06:26 UTC 2015

On 10/18/2015 02:49 AM, Jon Jensen wrote:
> On Sat, 17 Oct 2015, Josh Lavin wrote:
>>> 1. Customer and affiliate passwords should be encrypted with bcrypt, not plain text. I think the time for allowing plain text storage of passwords is long past and IC is perfectly capable of using the current recommendation for this which is bcrypt.
>> I put this on the #interchange channel, but the reason we don't use crypt in Strap at this point is because of the demo mode. We want to keep plain-text passwords for the demo users, so you can look in the database and see what a user's password is, to log in to their account.
> That doesn't seem like a compelling reason to me. Much more important to do the right thing by default for real sites, I think. Demos are temporary, but real ecommerce sites are forever. :)
> For the demo, can't we just show in plain text what the logins are on the login page itself?
> Jon

I agree with Jon as well ... strong crypt should be the default; a lot of Interchange
projects started from the demos.


Perl and Dancer Development

Visit our Perl::Dancer conference 2015.
More information on https://www.perl.dance.
