Hi all,

I'm trying to add encryption to my PlonePAS site for use in SQLPASPlugin
(https://svn.plone.org/svn/collective/PASPlugins/SQLPASPlugin/).

Is there a central place where one can intercept all user-entered passwords and encrypt them before they arrive at the authentication plugin? If I can do that then a plugin like SQLPASPlugin wouldn't have to worry about encryption; it would merely receive the password and compare it against its datasource.

I modified the extractCredentials() method in CookieAuthHelper.py to return a modified version of the credentials, and this worked fine for authentication.
However, it didn't work when trying to change a password:
1) Plone asks a user to enter his/her existing password and it seems that my modified extractCredentials() isn't used when comparing the existing password with the one in my database.
2) If I bypass the above validation and change the password, the new password is the one as entered by the user (plaintext), not encrypted.

(I didn't test the adding of a new user)

My CookieAuthHelper modification isn't exactly ideal, because if another extraction plugin is suddenly used (e.g. credentials_basic_auth) then encryption won't happen.

What would be the best way to do this?

Regards,
Andreas Pauley

--
http://pauley.org.za/

"Merely having an open mind is nothing; the object of opening the mind,
as of opening the mouth, is to shut it again on something solid."
                                         -- GK Chesterton

_______________________________________________
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas
