Hi all, I'm using tg 1.5 with sqlite and sqlobject which is also the identity provider and it turns out the password field of the User class is stored in cleartext. In model.py I see that _set_password overwrites the default and passes the cleartext password through identity.encrypt_password but nevertheless the cleartext stuff gets written to the db.
In turbogears/identity/base.py I tried checking what is actually happening but it's way too complicated. Perhaps I should be using encrypt_pw_with_algorithm instead in _set_password of User? At least this is what is recommended by some of the comments. But then the identity framework will need to be modified somewhere so that when a password comparison is made the same function is called. In any case what's the preferred way to proceed? Cheers, Daniel -- Psss, psss, put it down! - http://www.cafepress.com/putitdown -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/turbogears. For more options, visit https://groups.google.com/d/optout.
