>Ignoring all the other issues, any solution which actually requires the >password to be stored on the server is a bad solution. Administrators >should not have access to user passwords, and in addition users should >not be put in the position of having to trust your server-side security >to keep their passwords (which they might have used on other systems) >from being grabbed by hackers. > > Users will always need to trust in the server. The authentication process ensures that the client is really talking with the desired server and vice versa. But even if you know that you are talking to the right server, you need to trust in the server. The administrator of the server has access to all data. Possibly other persons and softwares too. Passwords are not different from this point of view.
Les -- http://mail.python.org/mailman/listinfo/python-list