On Wed, Jun 06, 2001 at 02:22:28PM -0400, Brian Lloyd wrote:
There has been a proposal by Ross Lazarus about this since Jan. 28, 2001:
http://dev.zope.org/Wikis/DevSite/Proposals/EncryptedUserfolderPasswords
I've read it. So just a question: What are you waiting for before implementing it ? The proposed patch complete with method definition and docstring, taking care of two different encryption methods is 13 lines long ! Just what I called a one liner. The original author didn't submit a patch to encrypt all unencrypted user passwords to take care of existing Data.fs files, so what ? Do you want me to write it ? Every time Zope is launched and recreate its index, just take care of it, encrypt unencrypted passwords and update the ZODB automatically. This wouldn't slow down Zope when running, only when it's restarted. I understand that there's the problem of existing third party products which may expect unencrypted passwords: just do it anyway and inform people. I suppose there won't be hundreds of such third party products. Just do a poll: does any reader of this list expects such a bad behavior in his own Zope products ? bye, Jerome Alet