Sorry about that, the solution is quite simple: I had to put

identity.soprovider.encryption_algorithm = 'sha1'

in app.cfg and now everything is encrypted. I vaguely recalled that the default is encryption but apparently the default is clear text, so a modification of app.cfg was necessary.

Cheers,
Daniel

On 6/1/14, fetchinson . <[email protected]> wrote:
> Hi all,
>
> I'm using tg 1.5 with sqlite and sqlobject which is also the identity
> provider and it turns out the password field of the User class is
> stored in cleartext. In model.py I see that _set_password overwrites
> the default and passes the cleartext password through
> identity.encrypt_password but nevertheless the cleartext stuff gets
> written to the db.
>
> In turbogears/identity/base.py I tried checking what is actually
> happening but it's way too complicated. Perhaps I should be using
> encrypt_pw_with_algorithm instead in _set_password of User? At least
> this is what is recommended by some of the comments. But then the
> identity framework will need to be modified somewhere so that when a
> password comparison is made the same function is called.
>
> In any case what's the preferred way to proceed?
>
> Cheers,
> Daniel
>
>
> --
> Psss, psss, put it down! - http://www.cafepress.com/putitdown
>

--
Psss, psss, put it down! - http://www.cafepress.com/putitdown
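
A way to check the stored values after a change like the one in this message, as an added example that is not part of the original post or of TurboGears: it lists the users whose password column does not hold a SHA-1 hex digest. The table name `tg_user`, the column names, the 40-character hex digest format and the sample rows are assumptions made for the example.

```python
import hashlib
import re
import sqlite3

# Assumption: with the 'sha1' setting the column holds a 40-char hex digest.
SHA1_HEX = re.compile(r"[0-9a-f]{40}")
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def find_unhashed(conn, table="tg_user", name_col="user_name", pw_col="password"):
    """Return the user names whose stored password is not a SHA-1 hex digest."""
    # Table and column names cannot be bound as parameters, so accept only
    # plain identifiers before building the query.
    for ident in (table, name_col, pw_col):
        if not IDENT.fullmatch(ident):
            raise ValueError("unexpected identifier: %r" % (ident,))
    query = "SELECT %s, %s FROM %s ORDER BY %s" % (name_col, pw_col, table, name_col)
    flagged = []
    for name, stored in conn.execute(query):
        if not isinstance(stored, str) or not SHA1_HEX.fullmatch(stored):
            flagged.append(name)
    return flagged


def build_sample_db():
    """Constructed sample data: two cleartext rows and one hashed row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tg_user (user_name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO tg_user VALUES (?, ?)",
        [
            ("alice", "hunter2"),
            ("bob", hashlib.sha1(b"s3cret").hexdigest()),
            ("carol", "letmein"),
        ],
    )
    return conn


if __name__ == "__main__":
    for user in find_unhashed(build_sample_db()):
        print("not a SHA-1 digest:", user)
```

To run it against a real database, pass `sqlite3.connect(path)` and the actual table and column names to `find_unhashed`.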

