Re: [Zope-dev] Plain-text passwords in your ZODB

2010-12-17 Thread Markus Kemmerling
On 16.12.2010 at 20:58, Marius Gedminas wrote: > On Thu, Dec 16, 2010 at 08:39:40PM +0100, Andreas Jung wrote: >> Marius Gedminas wrote: >>> So, did you know that by default Zope stores a copy of every user's >>> username and password in your ZODB, in plain text, on every login that >>> uses for

Re: [Zope-dev] Plain-text passwords in your ZODB

2010-12-16 Thread Wichert Akkerman
On 12/17/10 00:55, Tres Seaver wrote: > On 12/16/2010 02:58 PM, Marius Gedminas wrote: >> On Thu, Dec 16, 2010 at 08:39:40PM +0100, Andreas Jung wrote: >>> Marius Gedminas wrote: So, did you know that by default Zope stores a copy of every u

Re: [Zope-dev] Plain-text passwords in your ZODB

2010-12-16 Thread Tres Seaver
On 12/16/2010 02:58 PM, Marius Gedminas wrote: > On Thu, Dec 16, 2010 at 08:39:40PM +0100, Andreas Jung wrote: >> Marius Gedminas wrote: >>> So, did you know that by default Zope stores a copy of every user's >>> username and password in your ZODB, in

Re: [Zope-dev] Plain-text passwords in your ZODB

2010-12-16 Thread Marius Gedminas
On Thu, Dec 16, 2010 at 08:39:40PM +0100, Andreas Jung wrote: > Marius Gedminas wrote: > > So, did you know that by default Zope stores a copy of every user's > > username and password in your ZODB, in plain text, on every login that > > uses forms and sessions (rather than HTTP basic auth)? > > B

Re: [Zope-dev] Plain-text passwords in your ZODB

2010-12-16 Thread Andreas Jung
Marius Gedminas wrote: > So, did you know that by default Zope stores a copy of every user's > username and password in your ZODB, in plain text, on every login that > uses forms and sessions (rather than HTTP basic auth)? By "Zope" you mean Zope 3, Z

[Zope-dev] Plain-text passwords in your ZODB

2010-12-16 Thread Marius Gedminas
So, did you know that by default Zope stores a copy of every user's username and password in your ZODB, in plain text, on every login that uses forms and sessions (rather than HTTP basic auth)? Look for them in /++etc++site/default/PersistentSessionDataContainer, inside the numerous SessionCredent