#2289: Don't transmit cleartext passwords over the network
-------------------------+--------------------------------------------------
Reporter: pitrou | Owner:
Type: enhancement | Status: new
Priority: low | Milestone: 2.1
Component: TurboGears | Version: 2.0b7
Severity: normal | Resolution:
Keywords: |
-------------------------+--------------------------------------------------
Comment (by pitrou):
Replying to [comment:1 percious]:
> I think this is application-specific and should not be part of the core.
Are you kidding? If hashing passwords is application-specific, then why
are the passwords hashed in the database by default?
> Use HTTPs if you want password protection.
This is grotesque. HTTPS needs many more resources than a simple password
hashing scheme.
--
Ticket URL: <http://trac.turbogears.org/ticket/2289#comment:2>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google
Groups "TurboGears Tickets" group.
This group is read-only. No posting by normal members allowed.
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears-tickets?hl=en?hl=en
-~----------~----~----~----~------~----~------~--~---
