6 Jun 2001, 7 p.m.
Jerome Alet wrote:
I understand that there's the problem of existing third party products which may expect unencrypted passwords: just do it anyway and inform people. I suppose there won't be hundreds of such third party products.
Just do a poll: does any reader of this list expect such a bad behavior in his own Zope products?
AFAIK, the only bad behaviour from hashing (_not_ encrypting) the passwords would be the impossibility to use password verification methods that don't send cleartext passwords over the wire (challenge-response password exchange). But as the preferred method for avoiding password sniffing is using SSL anyway, I don't think it is too much of a problem.

-----------------
Hannu
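The trade-off described in the reply above, as an added example that is not part of the original message and not Zope's code: a generic CRAM-style HMAC challenge-response is assumed for illustration, and every function name and the sample password are constructed. It shows that a salted-hash store can only verify a password that is sent to it, while the challenge-response check needs the same secret on both sides.

```python
import hashlib
import hmac
import os


def store_hashed(password: bytes):
    """Server-side record when only a salted hash is kept (assumed scheme: PBKDF2)."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def verify_cleartext(record, password: bytes) -> bool:
    """Works with a hashed store, but the client has to send the password itself."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)
    return hmac.compare_digest(candidate, digest)


def client_response(password: bytes, challenge: bytes) -> bytes:
    """Client proves knowledge of the password without putting it on the wire."""
    return hmac.new(password, challenge, hashlib.sha256).digest()


def verify_response(server_secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Server must key the HMAC with exactly the secret the client used."""
    expected = hmac.new(server_secret, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"constructed-sample-password"  # constructed sample value
    record = store_hashed(password)
    challenge = os.urandom(16)
    response = client_response(password, challenge)
    return {
        # Hashed store: fine as long as the cleartext is sent (hence SSL).
        "cleartext_login_with_hashed_store": verify_cleartext(record, password),
        # Challenge-response succeeds only if the server kept the password.
        "cr_with_cleartext_store": verify_response(password, challenge, response),
        # With only the salted hash on file, the server cannot recompute the HMAC.
        "cr_with_hashed_store": verify_response(record[1], challenge, response),
        # A captured response is useless against a fresh challenge.
        "replayed_response": verify_response(password, os.urandom(16), response),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```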