On Wed, Jun 06, 2001 at 02:22:28PM -0400, Brian Lloyd wrote:
> http://dev.zope.org/Wikis/DevSite/Proposals/EncryptedUserfolderPasswords

I didn't know that.

> It is a little more than a 2 or 3 line patch; please read what's already there, add your comments, help us to work out the conversion issues, and help us get a sense of priority for this.

I'll try to give it a look.

> It is rather dispiriting to see a "shocking major security flaw!" thread about something that has been quite visible in the proposals area for nearly 6 months. :(

Sorry, I understand your feelings. I was so shocked to discover this that I've posted in too emotional a spirit, I suppose. The very disturbing thing is the fact that the inituser file is encrypted, so I was confident that all other passwords were encrypted. However, this problem doesn't need another 6 months or so for a solution.

> Please let me know if you have ideas for improvements we can make to the fishbowl to encourage more people to use it.

Yes, as Oleg would probably say: put all this in a mailing list!

bye,
Jerome Alet