7 Jun
2001
7 Jun
'01
1:36 a.m.
From: "Jerome Alet" <alet@unice.fr>
Of course for every new user of every password change, store the password in an encrypted form (MD5 will do).
The patch should be an one (or two) liner (although I've not verified) and should be transparent for everyone.
Keep in mind that there's a price to be paid, here. Since HTTP is connectionless, interacting with Zope requires re-authenticating on every request. If you're going to have a lot of requests that require authentication, you want it to be computationally inexpensive. On the other hand, if the only people logging in are a few developers, it's not a problem. Cheers, Evan @ digicool & 4-am