Piotr Furman wrote: > >> I've edited GMailAuthPlugin, renamed it MD5AuthPlugin, added that code >> and removed the google specific code. It doesn't give any errors, but it >> also doesn't let me log in. I've tried adding a line to log things, but >> that doesn't seem to be working either. >> > > Maybe You should take a look at SQLPASPlugin - > http://plone.org/products/sqlpasplugin - there are some SHA encryption > possibilities, however they are commented by default. > So You would have to modify it's code little bit.
That's what I was using before. I had no idea that it supported SHA, or that it was so easy to add MD5. That has solved my problem - Thanks It's a pretty silly implementation, though. The point of hashing passwords with MD5 or SHA1 is that if an attacker can read the password files due to some kind of security leak, he still doesn't have the passwords themselves, so he still can't login. Unfortunately, the way it is implemented in SQLPASPlugin, the fact that he doesn't have the password doesn't matter because if you put the hash itself in the password field, you are allowed into the site. It doesn't matter too much for my application, but it's something that should probably be fixed. Thanks for everyone's advice, though. Robert (Jamie) Munro _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )