30 Mar
2006
30 Mar
'06
9:48 a.m.
Chris Withers schrieb:
Tino Wildenhain wrote:
Cyrille Bonnet wrote:
Hi Terry,
...
Sorry, I wasn't even aware that Zope stores the passwords in plain text. My primary concern (for the moment) is passwords in plain text in the request.
No it does not. The default userfolder stores passwords hashed.
What userfolder are you referring to?
Both Zope's default user folder and cookie crumbler both store the password base64 encoded, not hashed, there's a big difference.
Well, not that cookie crumbler stores any passwords anyway .-) The checkbox is there for a long time. I might have read about that its default now or just hallucinated ;) ++Tino