Tino Wildenhain wrote:
Cyrille Bonnet wrote:
Hi Terry,
Sorry, I wasn't even aware that Zope stores the passwords in plain text.
 My primary concern (for the moment) is passwords in plain text in the

No it does not. The default userfolder stores passwords hashed.

What userfolder are you referring to?

Both Zope's default user folder and cookie crumbler both store the password base64 encoded, not hashed, there's a big difference.

That said, it's a config option per user folder as to whether or not password are stored encrypted in the ZODB.



Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to