Re: [Zope-dev] Proposed proposals: password encryption, ZODB RAM

On Tue, 19 Jun 2001, Toby Dickenson wrote: > However, I dont think encrypting user passwords is enough. Data.fs may > contain plaintext passwords for relational databases, and in many > cases it contains arbitrary confidential information. True. The RDBMS passwords are probably more sensitive t

Re: [Zope-dev] Proposed proposals: password encryption, ZODB RAM

On Mon, 18 Jun 2001 12:28:54 -0400, Shane Hathaway <[EMAIL PROTECTED]> wrote: >1) Optional password encryption. Right now passwords are stored as >clear text. I dont understand the advantage of this scheme as applied to Zope. As long as basic authentication is used, a system administrator is

Re: [Zope-dev] Proposed proposals: password encryption, ZODB RAM

On Monday 18 June 2001 15:33, Martijn Pieters wrote: > On Mon, Jun 18, 2001 at 12:28:54PM -0400, Shane Hathaway wrote: > > 1) Optional password encryption. Right now passwords are stored as > > clear text. What's interesting is that Zope can already authenticate > > against SHA encrypted passwor

Re: [Zope-dev] Proposed proposals: password encryption, ZODB RAM

On Mon, Jun 18, 2001 at 12:28:54PM -0400, Shane Hathaway wrote: > 1) Optional password encryption. Right now passwords are stored as > clear text. What's interesting is that Zope can already authenticate > against SHA encrypted passwords, it just won't encrypt user passwords > unless you forc