[ic] For review - new Strap template for Interchange 5
Josh Lavin
jlavin at endpoint.com
Sat Oct 17 18:58:16 UTC 2015
Quoting Peter (peter at pajamian.dhs.org):
> On 08/08/2015 12:10 PM, Josh Lavin wrote:
> > The "Strap" template which Greg Hanson and I have been working on for a
> > couple years now has been updated to Bootstrap 3.x latest.
> >
> > If you weren't aware, Strap is a new template for IC 5.x, which is
> > completely modern HTML5 + CSS. It is based on the Bootstrap Framework,
> > and includes several improvements, such as SEO-friendly results,
> > better gift certs, checkout with usability features, etc (see more in
> > the link below).
> >
> > In preparation for replacing the old "standard" template for IC, I could
> > use some help in reviewing the "strap" template, to ensure it is ready
> > for prime-time.
>
> I just got around to having a look at some of the code for this and have
> a couple of suggestions:
>
> 1. Customer and affiliate passwords should be encrypted with bcrypt,
> not plain text. I think the time for allowing plain text storage of
> passwords is long past and IC is perfectly capable of using the current
> recommendation for this which is bcrypt.

I put this on the #interchange channel, but the reason we don't use
crypt in Strap at this point is because of the demo mode. We want to
keep plain-text passwords for the demo users, so you can look in the
database and see what a user's password is, to log in to their account.

Perhaps we can configure this on/off in catalog.cfg, depending on if
demo mode is on/off. I'll look at that.

Josh

> 2. Not a strap issue, but admin passwords should also be bcrypt now,
> not old crypt.
>
> To accommodate the above we may need to update KitchenSink to add the
> modules needed for bcrypt, I'm not sure if they're in KitchenSink at the
> moment or not. There may be a case for changing Bundle::Interchange, I
> don't know.
>
> I'll let you know if I come across anything else.
>
>
> Peter
--
Josh Lavin
End Point Corporation
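
The on/off idea discussed in this thread, sketched in Perl as an added example that is not part of the original message or of Interchange's own code: passwords are stored as bcrypt unless a demo switch is on, and a legacy plain-text row is rewritten as bcrypt on the next successful login. `$DEMO_MODE`, `$COST`, the sub names and the sample rows are assumptions made for illustration, as is the premise that no plain-text password begins with `$2a$`.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

# Hypothetical switch standing in for the catalog's demo-mode setting.
my $DEMO_MODE = 0;
my $COST      = 12;    # bcrypt work factor (assumed value)

# Read 16 random salt bytes from the kernel CSPRNG.
sub random_salt {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $salt, 16) == 16 or die "short read from urandom";
    close $fh;
    return $salt;
}

# Value to store: plain text only in demo mode, bcrypt otherwise.
sub store_password {
    my ($plain) = @_;
    return $plain if $DEMO_MODE;
    my $settings = '$2a$' . sprintf('%02d', $COST) . '$' . en_base64(random_salt());
    return bcrypt($plain, $settings);
}

# Returns (ok, replacement): replacement is set when a legacy
# plain-text row verified and should be rewritten as bcrypt.
sub check_password {
    my ($plain, $stored) = @_;
    if ($stored =~ /^\$2a\$\d\d\$/) {
        # The stored hash carries its own cost and salt, so it doubles as settings.
        return (bcrypt($plain, $stored) eq $stored ? 1 : 0, undef);
    }
    return (0, undef) unless $plain eq $stored;
    return (1, $DEMO_MODE ? undef : store_password($plain));
}

# Constructed sample rows: one legacy plain-text, one already hashed.
my %userdb = (demo1 => 'pass1', demo2 => store_password('pass2'));
for my $user (sort keys %userdb) {
    my $try = $user eq 'demo1' ? 'pass1' : 'pass2';
    my ($ok, $new) = check_password($try, $userdb{$user});
    $userdb{$user} = $new if defined $new;    # upgrade the row in place
    printf "%s ok=%d stored=%.7s...\n", $user, $ok, $userdb{$user};
}
```

With the switch off, both rows end up holding a `$2a$12$` hash after one login; with it on, the demo rows stay readable in the database.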