Hey zopeists -

I've already sent a note to the DC guys about this, but they're all busy having fun at the Expo, so I thought I'd let the rest of you know, as well.

I've been using the UserDb unsupported product, and like it. However, I've been bothered by seeing my users' cleartext passwords in the db, so I added crypt hashed storage to the UserDb product. This will allow the use of unix 'passwd' style passwords (also used by apache for .htpasswd files) in the database. It also gives a modicum of security if your db backend is on a different machine from the Zope install, so the passwords don't travel around in the clear in the SQL queries. Of course, the biggest benefit is my not having to cringe when I see the bad passwords people chose in the database ;-)

If anyone wants the patches, I can supply them. I assume it'll show up in the unsupported or contrib downloads at www.zope.org, once they get back.

This requires the python crypt module. My Win32 install seems to have included it automagically. I had to copy the cryptmodule.so from my system python install into my Zope specific one to get it to work on Linux.

Ross

P.S. A useful script, for converting an existing sql db: as written, it takes a whitespace separated file of username,password pairs and spits out sql statements to update the passwords (this version works with PostgreSQL: you may need to flavor by changing the ; or something to work with other dbs)

    # Reads whitespace-separated "username password" lines from the files
    # named on the command line (or stdin) and prints SQL UPDATE statements.
    from string import split,letters
    from crypt import crypt
    from whrandom import choice
    import fileinput

    for line in fileinput.input():
        name,password=split(line)
        # two random letters serve as the crypt salt
        print "update users set password='%s' where username='%s';" % (crypt(password,choice(letters)+choice(letters)),name)

-- 
Ross J. Reedstrom, Ph.D., <reedstrm@rice.edu>
NSBRI Research Scientist/Programmer
Computer and Information Technology Institute
Rice University, 6100 S. Main St., Houston, TX 77005
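
An added example, not part of the original post: a Python 3 take on the conversion step that goes beyond the script above by drawing the salt from the full 64-character crypt alphabet with a CSPRNG, quoting values as SQL literals, and auditing for rows still held in cleartext. The function names and the `hasher` parameter are assumptions made for illustration; the `users` table and its columns are taken from the post.

```python
import re
import secrets

# Alphabet of traditional DES crypt(3) salts and hashes (64 characters).
CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Shape of a traditional crypt hash: 2 salt characters + 11 hash characters.
DES_CRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}")


def new_salt():
    """Two-character salt from the full alphabet, chosen with a CSPRNG."""
    return "".join(secrets.choice(CRYPT_ALPHABET) for _ in range(2))


def sql_literal(value):
    """Quote a string as a standard SQL literal (single quotes doubled).
    Assumes PostgreSQL with standard_conforming_strings = on."""
    return "'" + value.replace("'", "''") + "'"


def migration_sql(lines, hasher):
    """Yield one UPDATE per 'username password' line.
    hasher(password, salt) returns the crypt-style hash, e.g. crypt.crypt."""
    for lineno, line in enumerate(lines, 1):
        fields = line.split()
        if not fields:
            continue  # skip blank lines
        if len(fields) != 2:
            # Report the line number only, never the line's contents.
            raise ValueError("line %d: expected 'username password'" % lineno)
        name, password = fields
        yield "update users set password=%s where username=%s;" % (
            sql_literal(hasher(password, new_salt())), sql_literal(name))


def unhashed_users(rows):
    """Post-migration audit: usernames whose stored value is not crypt-shaped.
    Heuristic: a 13-character cleartext password from the same alphabet
    would pass unnoticed."""
    return [name for name, stored in rows
            if DES_CRYPT_RE.fullmatch(stored) is None]


if __name__ == "__main__":
    import crypt      # Unix only; removed from the stdlib in Python 3.13
    import fileinput
    for statement in migration_sql(fileinput.input(), crypt.crypt):
        print(statement)
```

Run as a script it reads the same input file format as the script in the post; `unhashed_users` takes `(username, password)` rows selected from the table after the updates have been applied.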