On Mon, Jun 18, 2001 at 12:28:54PM -0400, Shane Hathaway wrote:
> 1) Optional password encryption.  Right now passwords are stored as 
> clear text.  What's interesting is that Zope can already authenticate 
> against SHA encrypted passwords, it just won't encrypt user passwords 
> unless you force it to.  As a test of Zope's ability to authenticate 
> against encrypted passwords, I sneakily implemented the "inituser" 
> changes with SHA encryption by default.  That means that the password 
> for the initial user stored in the database is not possible to decrypt 
> and yet nobody has had any problems with it AFAIK.  Since it has been 
> successful, I'd like to suggest we add a checkbox to basic user folders 
> that enables encryption for new passwords, and have it turned on by 
> default.  The risk is incompatibility with HTTP digest auth, which I 
> imagine nobody is using right now.

There is already a proposal for this:


You could, of course, create a counter proposal.

Martijn Pieters
| Software Engineer  mailto:[EMAIL PROTECTED]
| Digital Creations  http://www.digicool.com/
| Creators of Zope   http://www.zope.org/

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )
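An added illustration of the digest auth risk raised in the quoted message; this is not code from the thread or from Zope. It assumes an LDAP-style "{SHA}" + base64(SHA-1) storage format and the RFC 2617 digest response without qop; the function names and all sample values are constructed. Unsalted SHA-1 appears only because it is the scheme under discussion.

```python
import base64
import hashlib
import hmac


def encode_sha(password: str) -> str:
    """One-way storage form: '{SHA}' + base64(SHA-1(password)) (assumed format)."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def check_basic(stored: str, attempt: str) -> bool:
    """Basic auth delivers the cleartext attempt, so the server hashes and compares."""
    candidate = encode_sha(attempt) if stored.startswith("{SHA}") else attempt
    return hmac.compare_digest(stored.encode("utf-8"), candidate.encode("utf-8"))


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, realm, password, method, uri, nonce) -> str:
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")  # needs the cleartext password
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def check_digest(stored, user, realm, method, uri, nonce, response):
    """Digest auth never sends the password; the server must rebuild HA1 itself.

    Returns True/False for a cleartext record, None when the record is hashed
    and the response therefore cannot be verified at all.
    """
    if stored.startswith("{SHA}"):
        return None  # SHA-1(password) cannot be turned into MD5(user:realm:password)
    expected = digest_response(user, realm, stored, method, uri, nonce)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed sample account and request values.
    hashed = encode_sha("s3cret")
    reply = digest_response("admin", "Zope", "s3cret", "GET", "/manage", "abc123")
    print("basic vs hashed record :", check_basic(hashed, "s3cret"))
    print("digest vs clear record :",
          check_digest("s3cret", "admin", "Zope", "GET", "/manage", "abc123", reply))
    print("digest vs hashed record:",
          check_digest(hashed, "admin", "Zope", "GET", "/manage", "abc123", reply))
```

A server that must support both would have to keep the digest HA1 value (or the cleartext) alongside the one-way hash, which is itself a password-equivalent secret for that realm.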
