[Zope-PTK] Re: Proposal: password policy change

Bill Anderson bill@libc.org
Thu, 24 Aug 2000 01:01:19 -0600


Fabio Forno wrote:
> 
> Shane Hathaway wrote:
> >
> 
> > 1) People will forget their passwords and need a way
> > out.  The most "user friendly" way out is for them to
> > receive their password again via e-mail.  Of course
> > this is terribly insecure, but slashdot and many
> > others do it this way, so those who run PTK sites will
> > expect this to be an option.
> >
> Ok, this may be an option, so we need two sets of functions:
>   mailPassword + getPassword
> and
>   mailNewPassword + getNewPassword (this one may not be necessary)
> 
> and also a flag determining the password policy

The flag makes the duplication unnecessary.

PolicyA: Encrypted
PolicyB: ClearText

The mailPassword method could check the flag, and act accordingly, i.e. set new password in case of PolicyA and mail
that, or just email the password in case of PolicyB. The getPassword method would just return the password, encrypted or
not. If you are running in 'secure mode', you get an encrypted password back. Not useful most of the time, but it
hypothetically could be. In InSecure mode, you get the password back. Useful for sending a user their password, but
little else.




--
Do not meddle in the affairs of sysadmins, for they are easy to annoy,
and have the root password.
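
The flag-driven design discussed in this message, as an added Python example that is not part of the original post and not PTK code. The class MemberStore, the methods setPassword and checkPassword, and the mailer callable are hypothetical; PolicyA is modelled here as a salted PBKDF2 hash, which is an assumption, since the message says only "Encrypted".

```python
import hashlib
import hmac
import os
import secrets

ENCRYPTED, CLEARTEXT = "PolicyA", "PolicyB"  # policy names from the message


class MemberStore:
    """Hypothetical user store illustrating the policy flag; not the PTK API."""

    def __init__(self, policy, mailer):
        self.policy = policy
        self.mailer = mailer   # callable(address, body); assumed interface
        self._users = {}       # name -> (email, stored credential)

    def _encode(self, password):
        if self.policy == CLEARTEXT:
            return password
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return salt.hex() + "$" + digest.hex()

    def setPassword(self, name, email, password):
        self._users[name] = (email, self._encode(password))

    def getPassword(self, name):
        # Returns whatever is stored: a salted hash under PolicyA,
        # the password itself under PolicyB.
        return self._users[name][1]

    def checkPassword(self, name, candidate):
        stored = self.getPassword(name)
        if self.policy == CLEARTEXT:
            return hmac.compare_digest(stored.encode(), candidate.encode())
        salt_hex, digest_hex = stored.split("$")
        digest = hashlib.pbkdf2_hmac(
            "sha256", candidate.encode(), bytes.fromhex(salt_hex), 100_000)
        return hmac.compare_digest(digest.hex(), digest_hex)

    def mailPassword(self, name):
        email, stored = self._users[name]
        if self.policy == ENCRYPTED:
            # The original cannot be recovered, so issue a replacement.
            password = secrets.token_urlsafe(12)
            self.setPassword(name, email, password)
        else:
            password = stored
        self.mailer(email, "Your password is: " + password)
```

Under PolicyA a database leak exposes only salted hashes and the mailed value is a fresh replacement; under PolicyB both the store and every reminder e-mail carry the user's real password.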