On Tue, 19 Jun 2001, Toby Dickenson wrote:
> However, I dont think encrypting user passwords is enough. Data.fs may
> contain plaintext passwords for relational databases, and in many
> cases it contains arbitrary confidential information.
True. The RDBMS passwords are probably more sensitive t
On Mon, 18 Jun 2001 12:28:54 -0400, Shane Hathaway
<[EMAIL PROTECTED]> wrote:
>1) Optional password encryption. Right now passwords are stored as
>clear text.
I dont understand the advantage of this scheme as applied to Zope.
As long as basic authentication is used, a system administrator is
On Monday 18 June 2001 15:33, Martijn Pieters wrote:
> On Mon, Jun 18, 2001 at 12:28:54PM -0400, Shane Hathaway wrote:
> > 1) Optional password encryption. Right now passwords are stored as
> > clear text. What's interesting is that Zope can already authenticate
> > against SHA encrypted passwor
On Mon, Jun 18, 2001 at 12:28:54PM -0400, Shane Hathaway wrote:
> 1) Optional password encryption. Right now passwords are stored as
> clear text. What's interesting is that Zope can already authenticate
> against SHA encrypted passwords, it just won't encrypt user passwords
> unless you forc