Martijn Faassen wrote:
> Shane Hathaway wrote:
>> We should really be using the SSHA standard (as defined by LDAP) as a minimum. SSHA was the default in Zope 2, but someone forgot to bring this code over to Zope 3.
>> http://svn.zope.org/Zope/trunk/lib/python/AccessControl/AuthEncoding.py?rev=...
> So perhaps this should be ported over and we should do an announcement that we ask people to use that instead?
Yes. The first volunteer to change "we should do it" into "I have done it" will earn recognition, glory, and a permanent place in Zope's Subversion history!

Also, every encrypted password should have a scheme name prefix in curly braces, such as "{SSHA}", as discussed earlier in this thread. That makes it possible to support multiple schemes in a single database, which is essential for migration to new schemes.

Shane
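Added example, not part of the original message and not Zope's AuthEncoding code: a sketch of how a "{SCHEME}" prefix lets one database hold both legacy {SHA} and salted {SSHA} values and upgrade them at login. The function names, the 8-byte salt and the choice of {SHA} as the legacy scheme are assumptions made for illustration.

```python
import base64, binascii, hashlib, hmac, os

def _sha(password, salt=b""):
    return hashlib.sha1(password + salt).digest()

def encode_ssha(password, salt=None):
    """{SSHA}: base64(SHA1(password + salt) + salt), the LDAP-style layout."""
    salt = os.urandom(8) if salt is None else salt  # salt length is an assumption
    return "{SSHA}" + base64.b64encode(_sha(password, salt) + salt).decode("ascii")

def encode_sha(password):
    """{SHA}: unsalted SHA-1, present only as the legacy scheme to migrate from."""
    return "{SHA}" + base64.b64encode(_sha(password)).decode("ascii")

def _check_ssha(body, password):
    raw = base64.b64decode(body, validate=True)
    if len(raw) <= 20:  # SHA-1 digest is 20 bytes; a salt must follow it
        return False
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(digest, _sha(password, salt))  # constant-time compare

def _check_sha(body, password):
    return hmac.compare_digest(base64.b64decode(body, validate=True), _sha(password))

SCHEMES = {"SSHA": _check_ssha, "SHA": _check_sha}  # prefix -> verifier
PREFERRED = "SSHA"

def split_scheme(stored):
    """Return (scheme, body); scheme is None when there is no {NAME} prefix."""
    if stored.startswith("{") and "}" in stored:
        name, body = stored[1:].split("}", 1)
        return name.upper(), body
    return None, stored

def verify(stored, password):
    """Return (ok, replacement). replacement is a re-encoded value to store when
    the password matched under a non-preferred scheme, otherwise None."""
    scheme, body = split_scheme(stored)
    checker = SCHEMES.get(scheme)
    if checker is None:  # unknown or missing prefix: refuse rather than guess
        return False, None
    try:
        ok = checker(body, password)
    except (binascii.Error, ValueError):  # malformed base64 in the stored value
        return False, None
    if ok and scheme != PREFERRED:
        return True, encode_ssha(password)
    return ok, None
```

Passwords are passed as bytes. A caller that receives a non-None replacement writes it back in place of the old stored value, which is how rows move to the new scheme without a bulk reset.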