Here are a couple of ideas I'd like to toss out. Proposals can take a
lot of time to write and it might be easier this way to flesh out the
1) Optional password encryption. Right now passwords are stored as
clear text. What's interesting is that Zope can already authenticate
against SHA encrypted passwords, it just won't encrypt user passwords
unless you force it to. As a test of Zope's ability to authenticate
against encrypted passwords, I sneakily implemented the "inituser"
changes with SHA encryption by default. That means that the password
for the initial user stored in the database is not possible to decrypt
and yet nobody has had any problems with it AFAIK. Since it has been
successful, I'd like to suggest we add a checkbox to basic user folders
that enables encryption for new passwords, and have it turned on by
default. The risk is incompatibility with HTTP digest auth, which I
imagine nobody is using right now.
2) If cPickle were to do something similar to "intern"-ing strings when
loading objects from the ZODB, Zope might consume significantly less
RAM on busy servers. ZODB uses lots of strings. ZODB caches cannot be
shared among threads. But strings, being immutable, can be safely
shared. We couldn't just intern the strings since that would make them
immortal, but if we used weak references it could work. The only risk
is the speed impact during loading of objects.
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -