Il 02/03/2011 11:28, toutpt ha scritto:
storing plain-text password is a security issue by design.
I need to update it but I have done sth similar in collective.sugarcrm. The
authentication should be done on the external services, and you are supposed
to store the session id (valid for a short time period) that let the current
authenticated user access to some external resources.
This mean you can tell to others "hey, use this external service for
your users". This cannot be possible in every situation, for example
when the counterpart is not very collaborative, or you've a legacy
system. Sometimes the world is not perfect :P
-----
Jean-Michel François aka toutpt
http://toutpt.wordpress.com
http://twitter.com/toutpt
--
View this message in context:
http://plone.293351.n2.nabble.com/Retrieve-external-users-credentials-tp6064232p6080346.html
Sent from the Product Developers mailing list archive at Nabble.com.
_______________________________________________
Product-Developers mailing list
[email protected]
https://lists.plone.org/mailman/listinfo/product-developers
_______________________________________________
Product-Developers mailing list
[email protected]
https://lists.plone.org/mailman/listinfo/product-developers
