[Zope-dev] Plain-text passwords in your ZODB

2010-12-16 Thread Marius Gedminas
So, did you know that by default Zope stores a copy of every user's username and password in your ZODB, in plain text, on every login that uses forms and sessions (rather than HTTP basic auth)? Look for them in /++etc++site/default/PersistentSessionDataContainer, inside the numerous

Re: [Zope-dev] Plain-text passwords in your ZODB

2010-12-16 Thread Andreas Jung
Marius Gedminas wrote: So, did you know that by default Zope stores a copy of every user's username and password in your ZODB, in plain text, on every login that uses forms and sessions (rather than HTTP basic auth)? By Zope you mean Zope 3, ZTK,

Re: [Zope-dev] Plain-text passwords in your ZODB

2010-12-16 Thread Marius Gedminas
On Thu, Dec 16, 2010 at 08:39:40PM +0100, Andreas Jung wrote: Marius Gedminas wrote: So, did you know that by default Zope stores a copy of every user's username and password in your ZODB, in plain text, on every login that uses forms and sessions (rather than HTTP basic auth)? By Zope

Re: [Zope-dev] Plain-text passwords in your ZODB

2010-12-16 Thread Tres Seaver
On 12/16/2010 02:58 PM, Marius Gedminas wrote: On Thu, Dec 16, 2010 at 08:39:40PM +0100, Andreas Jung wrote: Marius Gedminas wrote: So, did you know that by default Zope stores a copy of every user's username and password in your ZODB, in plain