Tino Wildenhain wrote:
Cyrille Bonnet wrote:
Hi Terry,
...
Sorry, I wasn't even aware that Zope stores the passwords in plain text.
 My primary concern (for the moment) is passwords in plain text in the
request.


No it does not. The default userfolder stores passwords hashed.

What userfolder are you referring to?

Both Zope's default user folder and cookie crumbler both store the password base64 encoded, not hashed, there's a big difference.

That said, it's a config option per user folder as to whether or not password are stored encrypted in the ZODB.

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to