Martijn Faassen wrote: > Shane Hathaway wrote: >> We should really be using the SSHA standard (as defined by LDAP) as a >> minimum. SSHA was the default in Zope 2, but someone forgot to bring >> this code over to Zope 3. >> >> http://svn.zope.org/Zope/trunk/lib/python/AccessControl/AuthEncoding.py?rev=94737&view=markup > > So perhaps this should be ported over and we should do an announcement > that we ask people to use that instead?
Yes. The first volunteer to change "we should do it" into "I have done it" will earn recognition, glory, and a permanent place in Zope's Subversion history! Also, every encrypted password should have a scheme name prefix in curly braces, such as "{SSHA}", as discussed earlier in this thread. That makes it possible to support multiple schemes in a single database, which is essential for migration to new schemes. Shane _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )