After two stages of setting up a development system, I (haj) am now about to change stuff. As this wiki isn't actually overused, I'm filling the space to announce things where I'm going to make incompatible changes.
Since stage1 was pushed only yesterday, this list is short.
Password handling: As of now, Act passwords are case insensitive. I don't see any justification for that. Simply dropping that case insensitivity makes brute-force cracking attacks against user passwords more difficult, by about two orders of magnitude if upper-case characters are actually used.
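To make the effect of that change concrete, here is an added example (Python, not Act's own Perl code) that contrasts a verifier which folds the password to lower case before hashing with one that hashes the password as typed, and counts how many distinct strings each verifier accepts. The hashing scheme (PBKDF2 with a constructed salt and a low iteration count) and the helper names are assumptions for the demo; Act's real storage format is not shown here.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 10_000  # deliberately low for the demo; production uses far more


def _kdf(password: str, salt: bytes) -> bytes:
    """Derive a fixed-length hash from the password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def store_password(password: str, case_insensitive: bool,
                   salt: Optional[bytes] = None) -> dict:
    """Create a stored record.  With case_insensitive=True the password is
    lower-cased before hashing, which is the behaviour the note above wants
    to drop; with False it is hashed exactly as typed."""
    salt = salt if salt is not None else os.urandom(16)
    material = password.lower() if case_insensitive else password
    return {"salt": salt, "hash": _kdf(material, salt),
            "case_insensitive": case_insensitive}


def verify_password(record: dict, candidate: str) -> bool:
    """Check a login attempt against the stored record, applying the same
    folding rule that was used at registration time."""
    material = candidate.lower() if record["case_insensitive"] else candidate
    return hmac.compare_digest(record["hash"], _kdf(material, record["salt"]))


def accepted_variants(password: str, case_insensitive: bool) -> int:
    """Number of distinct input strings the verifier accepts for this password.

    A case-sensitive verifier accepts exactly one.  A case-insensitive one
    accepts every mix of upper and lower case at each cased letter, i.e.
    2 ** (number of cased letters).  That is also the factor by which the
    effective search space shrinks for a guesser who only needs to try the
    lower-cased form of each candidate."""
    if not case_insensitive:
        return 1
    cased_letters = sum(1 for c in password if c.lower() != c.upper())
    return 2 ** cased_letters


if __name__ == "__main__":
    # Constructed sample: a mixed-case password stored both ways.
    pw = "SeCrEt"
    weak = store_password(pw, case_insensitive=True)
    strict = store_password(pw, case_insensitive=False)
    print("case-insensitive accepts 'secret':", verify_password(weak, "secret"))
    print("case-sensitive accepts 'secret':  ", verify_password(strict, "secret"))
    print("strings accepted for", pw, "->",
          accepted_variants(pw, True), "vs", accepted_variants(pw, False))
```

A six-letter mixed-case password is accepted in 64 spellings by the folding verifier and in exactly one by the strict verifier; with seven letters the factor is 128, which is the "about two orders of magnitude" mentioned above. The reduction only applies to the alphabetic positions: digits and punctuation have no case and contribute nothing to the count.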
A GDPR topic: Allow a user to delete his account. Added 2019-06-05: As it turns out, this topic drives me to a first refactoring. I'd like to separate provider data from conference data, and to separate different conferences from each other. The PSGI implementation has started this separation with a conference app, and I'd like to avoid constructing SQL or dealing with file system paths in the conference app. For the new classes I'm about to use Moo as an object system.
Act is act-ually three services rolled into one:
- An authentication service, checking a user's credentials,
- A user information service, allowing users to store information about themselves, and
- A conference service, managing talks, tracks, schedules for one conference.
Separating these services, at first in the APIs, and then in the database makes sense. The data have different authors, different audiences, and a different lifetime.