On Thu, Dec 16, 2010 at 08:39:40PM +0100, Andreas Jung wrote:
> Marius Gedminas wrote:
> > So, did you know that by default Zope stores a copy of every user's
> > username and password in your ZODB, in plain text, on every login that
> > uses forms and sessions (rather than HTTP basic auth)?
> By "Zope" you mean Zope 3, ZTK, Bluebream ...?

All of the above.  More specifically, zope.pluggableauth (and, I assume,
zope.app.authentication before that).

I haven't looked at Zope 2, sorry.

Marius Gedminas
http://pov.lt/ -- Zope 3/BlueBream consulting and development

Attachment: signature.asc
Description: Digital signature

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope )

Reply via email to