+-------[ Robert (Jamie) Munro ]----------------------


| It's a pretty silly implementation, though. The point of hashing
| passwords with MD5 or SHA1 is that if an attacker can read the password
| files due to some kind of security leak, he still doesn't have the
| passwords themselves, so he still can't login.

Remembering that if you have enough access to get to the database, you
probably have enough access to alter the Zope app itself (either by inserting
a new user, or through other permissions). So at that point it would be
trivial to alter any code to simply spew out the plaintext passwords (although
needing them at this point would probably be pointless).

I wouldn't worry about people trying to bruteforce your passwords, there are
many, much more efficient methods to grab zope passwords, once you achieve a
certain level of minimal access.

| Unfortunately, the way it
| is implemented in SQLPASPlugin, the fact that he doesn't have the
| password doesn't matter because if you put the hash itself in the
| password field, you are allowed into the site.

Yeah well...

Andrew Milton
Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to