On Wed, Jun 06, 2001 at 08:41:06AM -0500, Farrell, Troy wrote:
security system from the filesystem. These passwords should not be cleartext any more than you would select the cleartext option for your inituser or access file.
The patch should be a one (or two) liner (although I've not verified) and should be transparent for everyone.
Hi folks -

There has been a proposal by Ross Lazarus about this since Jan. 28, 2001:

http://dev.zope.org/Wikis/DevSite/Proposals/EncryptedUserfolderPasswords

It is a little more than a 2 or 3 line patch; please read what's already there, add your comments, help us to work out the conversion issues, and help us get a sense of priority for this.

It is rather dispiriting to see a "shocking major security flaw!" thread about something that has been quite visible in the proposals area for nearly 6 months. :(

Please let me know if you have ideas for improvements we can make to the fishbowl to encourage more people to use it.

Brian Lloyd brian@digicool.com
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com