From: Eric Wong
Date: 2018-07-25T03:04:00+00:00
Subject: [ruby-core:88095] Re: [Ruby trunk Feature#14915] Deprecate String#crypt, move implementation to string/crypt

merch-redmine@jeremyevans.net wrote:
> normalperson (Eric Wong) wrote:
> > Can you do it as a single option which doesn't involve having
> > users copy+paste code? Something like:
> >
> > :password_hash => (:bcrypt|:crypt|:blahblah)
> >
> > It can raise and tell users to install 'bcrypt' if 'bcrypt'
> > is missing.
>
> One issue with that is it doesn't offer a way to specify the
> password hash cost. For example, the bcrypt gem defaults to
> cost 10, and htpasswd defaults to cost 5 (cost 10 is 2**(10-5)
> times as many iterations as cost 5). It also doesn't offer a
> way to use custom authentication (e.g. using basic
> authentication to authenticate against LDAP). It's simple,
> but inflexible.

Allowing options which other servers do not support is not
something I want, as it could be a way to lock people into
WEBrick. Being compatible with htpasswd to allow users of
other servers to easily migrate in any direction is more
important.

I haven't looked into LDAP authentication; but maybe that can
use a URI to the LDAP server instead of path. I don't know how
Apache or other servers do it, even; but we should try to steal
configuration/setup ideas from other servers to minimize
migration costs in either direction and not introduce things
which make it difficult to migrate away from.
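
The cost figures and the htpasswd compatibility concern discussed in the message above, as an added example that is not part of the original message or of WEBrick: a Ruby script that classifies each htpasswd entry by hash scheme and compares its bcrypt cost with the htpasswd default of 5. The method names, the sample entries and the `min_cost` threshold are assumptions made for illustration.

```ruby
# Added example (not WEBrick code). All names here are hypothetical.
# Hash prefixes follow Apache's documented htpasswd formats.
BCRYPT_RE = /\A\$2[abxy]?\$(\d{2})\$[.\/A-Za-z0-9]{53}\z/

# Identify the scheme of one htpasswd hash field; bcrypt also yields its cost.
def classify_htpasswd_hash(hash)
  if (m = BCRYPT_RE.match(hash))
    { scheme: :bcrypt, cost: m[1].to_i }
  elsif hash.start_with?('$apr1$')
    { scheme: :apr1_md5 }
  elsif hash.start_with?('{SHA}')
    { scheme: :sha1 }
  elsif hash.match?(/\A[.\/A-Za-z0-9]{13}\z/)
    { scheme: :crypt_des }
  else
    { scheme: :unknown }
  end
end

# bcrypt runs 2**cost iterations, so the ratio between two costs is 2**(a - b).
def relative_work(cost, baseline)
  2**(cost - baseline)
end

# Parse "user:hash" lines; an entry is ok only if it is bcrypt at min_cost or above.
# min_cost 10 is an assumption taken from the bcrypt gem default quoted above.
def audit_htpasswd(text, min_cost: 10)
  text.each_line.map(&:strip).reject(&:empty?).map do |line|
    user, hash = line.split(':', 2)
    info = classify_htpasswd_hash(hash.to_s)
    info.merge(user: user, ok: info[:scheme] == :bcrypt && info[:cost] >= min_cost)
  end
end

# Constructed sample file; hash bodies are filler characters, not real hashes.
SAMPLE = [
  'alice:$2y$05$' + 'A' * 53,
  'bob:$2y$10$' + 'B' * 53,
  'carol:$apr1$saltsalt$' + 'C' * 22,
  'dave:{SHA}' + 'D' * 27 + '=',
  'erin:abCDefGHijKLm'
].join("\n")

audit_htpasswd(SAMPLE).each do |e|
  detail = e[:cost] ? " cost=#{e[:cost]} (#{relative_work(e[:cost], 5)}x htpasswd default)" : ''
  puts format('%-6s %-9s%s %s', e[:user], e[:scheme], detail, e[:ok] ? 'ok' : 'REVIEW')
end
```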