Hey Dan,

Thanks for taking the initiative to propose more refactorings!

Dan Korostelev wrote:
> I'd like to continue moving code to saner places, so here's two more
> little ideas on next refactorings:
> - Move password managers from zope.app.authentication to a new
> package, like zope.password. They are really useful in any
> authentication system, even not related to "zope3 the app server" or
> zodb at all. That move will ease the reuse of password
> encoding/checking mechanism in other authentication software, so
> people won't need to install anything but password manager and
> zope.interface. 

+1 on moving these managers to zope.password.

I know Uli did some work recently on a more secure way to store 
passwords. We should be sure in the documentation of zope.password to 
point out what the current best way to manage passwords is.

> The zope.schema is also needed for the password
> manager vocabulary, but I'm not sure if the vocabulary should go to
> the new package, because it adds a dependency on zope.schema. What do
> people think?

I'd say leave the vocabulary behind in zope.app.authentication. It's a 
zope.app.* package so we'll surely get back to it to mine it for 
reusable stuff more. Perhaps the vocabulary is there to support the ZMI, 
or perhaps it'll have to go somewhere else.

> - Move the functionality of zope.app.principalannotation to new
> package, zope.principalannotation, leaving only appsetup bootstrap
> subscriber and browser menu item, as well as compatibility imports in
> the original package.

+1 to this one too.

> I'd volunteer to do that little refactorings, if noone objects.

Great! I think nobody will object, so feel free to go ahead.



Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to