On Thu, Dec 16, 2010 at 08:39:40PM +0100, Andreas Jung wrote: > Marius Gedminas wrote: > > So, did you know that by default Zope stores a copy of every user's > > username and password in your ZODB, in plain text, on every login that > > uses forms and sessions (rather than HTTP basic auth)? > > By "Zope" you mean Zope 3, ZTK, Bluebream ...?
All of the above. More specifically, zope.pluggableauth (and, I assume, zope.app.authentication before that). I haven't looked at Zope 2, sorry. Marius Gedminas -- http://pov.lt/ -- Zope 3/BlueBream consulting and development
Description: Digital signature
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )