16 Dec 2010, 7:58 p.m.
On Thu, Dec 16, 2010 at 08:39:40PM +0100, Andreas Jung wrote:
> Marius Gedminas wrote:
> > So, did you know that by default Zope stores a copy of every user's username and password in your ZODB, in plain text, on every login that uses forms and sessions (rather than HTTP basic auth)?
>
> By "Zope" you mean Zope 3, ZTK, Bluebream ...?

All of the above. More specifically, zope.pluggableauth (and, I assume, zope.app.authentication before that). I haven't looked at Zope 2, sorry.

Marius Gedminas
--
http://pov.lt/ -- Zope 3/BlueBream consulting and development