CTPUG/wafer

Switch to HMAC-based registration strategy

Closed this issue · 4 comments

According to https://django-registration.readthedocs.org/en/2.0.3/model-workflow.html#model-workflow, the workflow in use by Wafer is discouraged and replaced by the better HMAC-based approach.

At this stage, it might make sense to shift to the new approach documented here still:
https://django-registration.readthedocs.org/en/2.0.3/hmac.html#hmac-workflow

Thoughts?
-m

drnlm commented

wafer uses django-registration-redux, not django-registration, due to the original project's spotty maintenance record, so this is not currently an option.

@drnlm It's my understanding that django-registration is back on track, while django-registration-redux is actually fading again. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806182

I am not sure what it'd involve, but maybe we don't actually want to stay with -redux?

drnlm commented

There's no evidence that django-registration-redux is struggling as a project - the commit frequency has been fairly consistent since the fork happened, and the most recent release was in January.

Having been burnt once by django-registration going AWOL, I see little reason to risk changing back.

Thanks for sharing your insights. I'd still love to see HMAC-based authentication as it really simplifies the whole thing, but at this stage it's mostly a nice-to-have…
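
What an HMAC-based activation key looks like in principle, as an added example that is not code from this thread, Wafer, or django-registration: the key itself carries the username and issue time and is authenticated with a server-side secret, so no activation record has to be stored or cleaned up. `SECRET_KEY`, `MAX_AGE`, the `registration:` prefix and the function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

SECRET_KEY = b"constructed-demo-secret"  # assumption: stands in for the site secret
MAX_AGE = 7 * 24 * 3600                  # assumption: 7-day activation window


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(payload: str) -> bytes:
    # The fixed prefix keeps these MACs from being valid in any other context.
    msg = b"registration:" + payload.encode()
    return _b64(hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()).encode()


def make_activation_key(username: str, now: Optional[float] = None) -> str:
    """Build 'payload.signature'; nothing is written to the database."""
    issued = int(time.time() if now is None else now)
    payload = _b64(f"{issued}:{username}".encode())
    return f"{payload}.{_sign(payload).decode()}"


def validate_activation_key(key: str, now: Optional[float] = None) -> Optional[str]:
    """Return the username if the key is authentic and unexpired, else None."""
    payload, sep, sig = key.rpartition(".")
    # Constant-time comparison; reject before decoding anything unauthenticated.
    if not sep or not hmac.compare_digest(_sign(payload), sig.encode()):
        return None
    try:
        raw = base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4))
        ts, _, username = raw.decode().partition(":")
        issued = int(ts)
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    age = (time.time() if now is None else now) - issued
    return username if 0 <= age <= MAX_AGE else None
```
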