Hi, Yes, I'm a shameless spammer. There is no central place to discuss this though, it's not a Python issue. I've approached Rails, Symfony and some Java/.Net groups.
> I'm surprised that no one has mentioned it yet, but obviously with such > a scheme, you have to store the passwords in clear text on the server > side, don't you? This is just not acceptable for some sites, so any > authentication scheme that requires this, can only be ever an option. No need for plaintext passwords, you can hash them in the database too. In fact, in the scheme I recommend the server never sees a plaintext password. It's true that the stored hashes are password- equivalents, that a hacker could use them to login to the site. But the crucial point is that a hacker can't use them to login to other sites. This is discussed in detail on the site. Paul --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/turbogears-trunk?hl=en -~----------~----~----~----~------~----~------~--~---
