OK. So I'm going to check in the changes to implement MD5 and SHA1 hashing of passwords. This means *you'll* be responsible for making certain the database contains encrypted passwords. However, to show you that I'm not a horrible evil troll (like my daughter seems to think I am, because I make her take her Zantac, which is really foul stuff), I've added a method to the SqlObjectProvider class, encrypt_password, which given a clear-text password will hash it (or not) based on the current setting for identity.soprovider.encryption_algorithm.

I still have some testing to do before I'm ready to check in the changes, but I think this will work.

On 21 Dec, 2005, at 10:49 pm, Jeremy Jones wrote:

I was planning on creating my own registration form and encrypting the passwords in there before inserting them into the database. I was assuming that other folks using identity would need to do the same. Now, a CRUDy user management thingy would be pretty cool, but I personally wouldn't mind that being a longer-term goal.
