30 Mar
2006
30 Mar
'06
7:31 a.m.
Tino Wildenhain wrote:
Cyrille Bonnet wrote:
Hi Terry, ... Sorry, I wasn't even aware that Zope stores the passwords in plain text. My primary concern (for the moment) is passwords in plain text in the request.
No it does not. The default userfolder stores passwords hashed.
What userfolder are you referring to? Both Zope's default user folder and cookie crumbler both store the password base64 encoded, not hashed, there's a big difference. That said, it's a config option per user folder as to whether or not password are stored encrypted in the ZODB. cheers, Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk