[Pharo-users] [ANN] Application Security for your domains

Hernán Morales Durand hernan.morales at gmail.com
Sat Mar 29 16:54:32 EDT 2014


2014-03-29 10:05 GMT-03:00 Pierce Ng <pierce at samadhiweb.com>:
> On Thu, Mar 27, 2014 at 08:58:48PM -0300, Hern??n Morales Durand wrote:
>> Second, my first entry contains a post about Application Security, a new
>> package to make Pharo applications more secure. You can start playing with
>> the objects right now, while more documentation is being written for the
>> next release.
>
> Hi,
>
> Good stuff!
>
> I've been doing some password-related work as well.
>
>   http://samadhiweb.com/blog/2013.08.11.splitpasswordstore.html
>
> This allows writing the following:
>
>   spec := DBConnectionSpec new
>             key: 'mysql';
>             host: 'localhost'; port: 3306;
>             user: 'myappuser';
>       ====> password: (SpsSplitPasswordStore readFrom: 'myappuser.dat');
>             yourself.
>
> Also, SHA256/512 password hashing:
>
>   http://samadhiweb.com/blog/2013.11.17.shacrypt.html
>
> Code for both is published on SS3.
>

Cool, thanks for sharing.

BTW you can compile sha512crypt.c under Windows MinGW by conditionally adding:

#define MAX(x,y)                ((x) > (y) ? (x) : (y))
#define MIN(x,y)                ((x) < (y) ? (x) : (y))

#ifndef alloca
    #define alloca(x) __builtin_alloca(x)
#endif

/* Taken from http://searchcode.com/codesearch/view/22364370 */
char * stpncpy (char *dst, const char *src, size_t len) {
    size_t n = strlen (src);
    if (n > len)
    n = len;
    return strncpy (dst, src, len) + n;
}

 cc -m32 -shared -o libshacrypt.dll *.o

Hernán




More information about the Pharo-users mailing list