RE: [Zope] Security glitch on user-editing form
Great; I'm sorry I wasn't aware of this. Question: Do you need a module for NT authentication, or are you writing this already? (In case you need contributions.)

Alexander Staubo
http://www.mop.no/~alex/
mailto:redhand@mop.no

-----Original Message-----
From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Rob Page
Sent: 11. mai 1999 22:54
To: 'Alexander Staubo'
Cc: 'zope@zope.org'
Subject: RE: [Zope] Security glitch on user-editing form
> Any one-way encryption method will work, but why not modularized authentication support? Something that would permit you to use anything

Already there in user folders! :^) We happen to have implemented an internal Zope authentication/authorization database. Additionally, at:
http://www.zope.org/Download/Unsupported
there's an etcUserFolder (auth against /etc/passwd type files) and a UserDB (auth against an RDBMS) and sometime soon there might be an LDAPUserFolder based on something that smells a lot like an LDAP Database Adapter.

> from one-way-encryption to Kerberos to LDAP, but not necessarily just a fixed algorithm. LDAP is an interesting possibility, but I don't like the idea of being stapled to LDAP -- it's overkill for most installations.
I agree totally! My _real_ question was, in the internal User Folder component, whether to store passwords a) in their original form or b) as a hash or c) as a selectable option ... Of course, the c) is probably the best answer!
--Rob
_______________________________________________ Zope maillist - Zope@zope.org http://www.zope.org/mailman/listinfo/zope
(For developer-specific issues, use the companion list, zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
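
Added example, not part of the original thread and not Zope's code: a sketch of option (c) from the message above, where each stored password carries a scheme tag, verification dispatches on that tag, and a record is re-encoded to the preferred scheme after a successful login. The tag strings, function names, PBKDF2-HMAC-SHA256 as the one-way function and the iteration count are all assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Hypothetical scheme tags for this example; not Zope's storage format.
PLAIN, PBKDF2 = "{PLAIN}", "{PBKDF2}"
ITERATIONS = 200_000  # assumed work factor


def encode_password(password, scheme=PBKDF2, salt=None):
    """Return the string a user folder would store for this password."""
    if scheme == PLAIN:                      # option (a): original form
        return PLAIN + password
    if scheme == PBKDF2:                     # option (b): salted one-way hash
        salt = salt or os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        return "%s%d$%s$%s" % (PBKDF2, ITERATIONS, salt.hex(), digest.hex())
    raise ValueError("unknown scheme: %r" % scheme)


def verify_password(stored, attempt):
    """Check an attempt against a stored value, dispatching on its scheme tag."""
    if stored.startswith(PLAIN):
        return hmac.compare_digest(stored[len(PLAIN):].encode(), attempt.encode())
    if stored.startswith(PBKDF2):
        try:
            iterations, salt_hex, digest_hex = stored[len(PBKDF2):].split("$")
            salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
            actual = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, int(iterations))
        except ValueError:
            return False                     # malformed record: fail closed
        return hmac.compare_digest(actual, expected)
    return False                             # untagged or unknown scheme: fail closed


def login(users, name, attempt, preferred=PBKDF2):
    """Authenticate, then re-encode the record if it uses a non-preferred scheme."""
    stored = users.get(name)
    if stored is None or not verify_password(stored, attempt):
        return False
    if not stored.startswith(preferred):
        users[name] = encode_password(attempt, preferred)  # upgrade on successful login
    return True


if __name__ == "__main__":
    users = {"alice": encode_password("s3cret", PLAIN)}    # constructed sample record
    print(login(users, "alice", "s3cret"), users["alice"][:8])
```

Because the scheme travels with each record, plaintext and hashed entries can coexist while an installation moves from one to the other.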