Authentication

Overview

Terms defined: cookie

Outline

• Assign everyone staff member a user ID and a 4-digit PIN
• Generate account data with generate_accounts.py
  • Use a Jinja template to produce a SQL file for migration
  • Doesn't check for uniqueness of generated usernames
• server.py
  • Set the user's staff ID as the cookie
  • Horribly insecure (easy to fake)
  • Only show experiments to the person who created them
  • Handling cookies in JavaScript (or Python) is unpleasant