Tino Wildenhain wrote:
Cyrille Bonnet wrote:
Sorry, I wasn't even aware that Zope stores the passwords in plain text.
My primary concern (for the moment) is passwords in plain text in the
No it does not. The default userfolder stores passwords hashed.
What userfolder are you referring to?
Both Zope's default user folder and cookie crumbler both store the
password base64 encoded, not hashed, there's a big difference.
That said, it's a config option per user folder as to whether or not
password are stored encrypted in the ZODB.
Simplistix - Content Management, Zope & Python Consulting
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -