Re: [Zope] Re: Question about Zope and security

Tino Wildenhain Thu, 30 Mar 2006 01:49:07 -0800

Chris Withers schrieb:

Tino Wildenhain wrote:

Cyrille Bonnet wrote:

Hi Terry,

...

Sorry, I wasn't even aware that Zope stores the passwords in plain text.
 My primary concern (for the moment) is passwords in plain text in the
request.



No it does not. The default userfolder stores passwords hashed.



What userfolder are you referring to?

Both Zope's default user folder and cookie crumbler both store thepassword base64 encoded, not hashed, there's a big difference.

Well, not that cookie crumbler stores any passwords anyway .-)
The checkbox is there for a long time. I might have read about
that its default now or just hallucinated ;)

++Tino
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **

(Related lists -http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Re: Question about Zope and security

Reply via email to