I just found that Zope presents the user-editing form (manage_users) with the password in plaintext. That's a bit crude. The HTML code that Zope produces is like this:

    ...
    <TR>
      <TD VALIGN="TOP">
        <STRONG>Password</STRONG>
      </TD>
      <TD VALIGN="TOP">
        <INPUT TYPE="PASSWORD" NAME="password" VALUE="cucumber" SIZE="40">
      </TD>
    </TR>
    ...

This is a security problem -- in two ways: Firstly, the password is in the HTML, and secondly, the number of characters in the password can be interpreted by the user. Also it's quite redundant. There's no reason for Zope to pass the actual password.

Zope should give the HTML thus:

    <INPUT TYPE="PASSWORD" NAME="password" VALUE="123456789" SIZE="40">

If the user posts changes without changing the password, Zope can detect if the password it receives is "123456789" and ignore it. A better dummy password should perhaps be chosen to avoid clashing with potential real-world passwords.

Alternatively, a check box could be provided requiring the user to check the box in order to change password.

Just my 2 cents' worth. The future obviously is in public-key encryption, but until Zope gets it, plaintext passwords ought to be secured as tightly as possible.

Alexander Staubo
http://www.mop.no/~alex/
mailto:redhand@mop.no
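
Added example (not part of the original message and not Zope's own code): a sketch of the dummy-password scheme proposed above, using a random fixed-length placeholder per rendered form so it cannot clash with a real password. The session dict, the "pw_placeholder" key, the function names and the user record are assumptions made for illustration.

```python
import hmac
import html
import secrets

KEY = "pw_placeholder"  # hypothetical session key, not a Zope name

def render_password_field(session):
    """Return the password input; the stored password never reaches the HTML."""
    # 12 random bytes always encode to 16 URL-safe characters, so the field
    # length is constant and says nothing about the real password.
    session[KEY] = secrets.token_urlsafe(12)
    return ('<INPUT TYPE="PASSWORD" NAME="password" VALUE="%s" SIZE="40">'
            % html.escape(session[KEY], quote=True))

def apply_user_form(user, form, session):
    """Apply a posted form; return True only if the password was changed."""
    placeholder = session.pop(KEY, None)  # valid for one rendered form only
    if placeholder is None:
        # Without a rendered form there is nothing to compare against, so a
        # replayed placeholder must not be accepted as a new password.
        raise ValueError("form was not rendered in this session")
    submitted = form.get("password", "")
    if "roles" in form:
        user["roles"] = list(form["roles"])
    if hmac.compare_digest(submitted.encode(), placeholder.encode()):
        return False  # field untouched: keep the stored password
    if not submitted:
        raise ValueError("empty password rejected")
    user["password"] = submitted  # how it is stored is outside this example
    return True

if __name__ == "__main__":
    # Constructed sample record, reusing the password shown in the message.
    user = {"name": "alice", "password": "cucumber", "roles": ["Manager"]}
    session = {}
    print(render_password_field(session))
    print(apply_user_form(user, {"password": session[KEY]}, session))  # False
```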