Martijn Faassen wrote:
> Shane Hathaway wrote:
>> We should really be using the SSHA standard (as defined by LDAP) as a 
>> minimum.  SSHA was the default in Zope 2, but someone forgot to bring 
>> this code over to Zope 3.
> So perhaps this should be ported over and we should do an announcement 
> that we ask people to use that instead?

Yes.  The first volunteer to change "we should do it" into "I have done 
it" will earn recognition, glory, and a permanent place in Zope's 
Subversion history!

Also, every encrypted password should have a scheme name prefix in curly 
braces, such as "{SSHA}", as discussed earlier in this thread.  That 
makes it possible to support multiple schemes in a single database, 
which is essential for migration to new schemes.

Zope-Dev maillist  -
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to