On Mon, Jun 18, 2001 at 12:28:54PM -0400, Shane Hathaway wrote:
> 1) Optional password encryption. Right now passwords are stored as
> clear text. What's interesting is that Zope can already authenticate
> against SHA encrypted passwords, it just won't encrypt user passwords
> unless you force it to. As a test of Zope's ability to authenticate
> against encrypted passwords, I sneakily implemented the "inituser"
> changes with SHA encryption by default. That means that the password
> for the initial user stored in the database is not possible to decrypt
> and yet nobody has had any problems with it AFAIK. Since it has been
> successful, I'd like to suggest we add a checkbox to basic user folders
> that enables encryption for new passwords, and have it turned on by
> default. The risk is incompatibility with HTTP digest auth, which I
> imagine nobody is using right now.
There is already a proposal for this:
You could, of course, create a counter proposal..
| Software Engineer mailto:[EMAIL PROTECTED]
| Digital Creations http://www.digicool.com/
| Creators of Zope http://www.zope.org/
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -