-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marius Gedminas wrote:
So, did you know that by default Zope stores a copy of every user's username and password in your ZODB, in plain text, on every login that uses forms and sessions (rather than HTTP basic auth)?
By "Zope" you mean Zope 3, ZTK, Bluebream ...? Andreas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQGUBAEBAgAGBQJNCmr8AAoJEADcfz7u4AZjECgLwMBt7xcFw/WmgM3I6NtahSTI OOQtb/lfg4MLIO4cpncdaISZCa6+g0JHgluDWNTtwwsP9t2FwAIWW/xSDqh6l8Ex fh0BTd3za2LZBp3p6bkxqFq6PZwEw7kBnEX9T6N0R4dKTeBeKhWl3TGA9dmjlYzI Tmy9nJp2qUN0svhVuRt/Ezvwl3ag36r6v6Hn3XVMGQOkAq4BOuXFeTugnlcSQ9dA FfntsK1USQ7XiIxV/7vYGEiJYgoVAjVFGPzmpSfaIlyKTh/rLpbHn0J+Wom52ARx 1/JvWZ5gE+zkWT6WD+urNtw98wbJsF0LB4IxakahCfagBur/sowLZyKUomcUFRQB EyeW3+9SBL0ZV8Zju4q6iV0SPUkDJUewIfWIpvzi50Tc3SdcwJXl/YKXRk3a1S7P M6yH0fKfxPzwKl5F2Quttul8lI58ZlNX/UCBhbuq+5AoTJL3/+DboiRAqR1BMvcR gz26Seni3bXJPZ4BjIgNsRUPu5cusAA= =f+jf -----END PGP SIGNATURE-----