Next: , Previous: , Up: Authentication   [Contents]

19.3 Common Authentication

There are multiple authentication methods that can be used by developers. Most of them are sort of tricky hacks. Here are the most common.

The most common, and relatively safe way to authenticate, is to use the POST method, and check the username and passwd from a table in the DB.

There are several ways to provide authentication.

The simplest case is for String Template:

#:auth "string-template"

If you save the account data in a database table, then you can use the table mode:

#:auth `(table ,table-name [,username-field] [,passwd-field] [,salt-field] [,hmac])

NOTE: The square-bracked [args] above are optional.

The default values for the optional items are:

TODO: remove the brackets for salt-field, as it says below that it’s not optional. And specify whether "optional" means that can be skipped or set to #f to use the default value.

GNU Artanis requires a salted password, it’s not optional.

So please prepare a field in a table for the salt string. It’s your duty to generate a salt string, please see Random String Generator. When authenticating, please specify the salt field name in the salt-field argument.

For hmac item, please see HMAC.