Re: [Zope] Re: [Zope-dev] Introspection, managing External Methods?
admin privileges or whatever. I intended no criticism of the Zope security model other than 1) the passwords are in a meaningfully named file, 2) the file is unencrypted and 3) there is a standard initial manager login and password. These are not serious holes, but would get you shown the door by the more paranoid.

ad 3) Ok, changing the standard superuser password is natural. Perhaps it should be randomly generated.

This will be the case in the first beta release, assuming I don't trip up and kill myself before the end of the week. It will use the same algorithm the binary releases use. Additionally, the file will store the password in SHA-1 format, which eventually will propagate into the rest of the system (more on this later when it's been smoothed out). This does mean that most likely WebDAV won't work with the superuser account, but then you shouldn't be using the superuser account, right? :-)

BTW, changing the name is simply obscurity, and well, that won't fly.

Chris
--
| Christopher Petrilli Python Powered Digital Creations, Inc.
| petrilli@digicool.com http://www.digicool.com