Okay. That seems reasonable. But it brings up a second question: Is it supposed to work? I turned on encrytption, then clicked on "update passwords". I was then completely unable to sign on with any of those accounts. I had to create the emergency user, turn off encryption, and change the user passwords to force them to store as clear text again. I've done this on two different servers so far with identical results (both 2.5.1). Does anyone have this turned on and working?
-----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Chris McDonough Sent: Tuesday, August 20, 2002 10:53 AM To: Charlie Reiman; zope@zope.org Subject: Re: [Zope] User Folder default behavior
This is a backwards compatibility measure, from what I remember...
----- Original Message ----- From: "Charlie Reiman" <creiman@kefta.com> To: <zope@zope.org> Sent: Tuesday, August 20, 2002 12:49 PM Subject: [Zope] User Folder default behavior
I just noticed the default option for the stock User Folder is to not encrypt passwords.
Why? Shouldn't any web server that gets exposed to the real world error on the side more security and less convenience?