[Zope-DB] Plaintext Password Concerns
Charlie Clark
charlie@begeistert.org
Thu, 15 May 2003 22:05:57 +0200
On 2003-05-15 at 22:00:41 [+0200], David A. Riggs wrote:
> Our University would like to give out Zope accounts for groups of
> students so they may experiment and work on various projects. One key
> feature that people would like to use is connectivity to a PostgreSQL
> database.
>
> We take security very seriously and would like some way around storing
> plaintext passwords in the connection strings for the Psycopg Database
> Connectors. Has anyone come up with some alternative to this or a
> solution to this possible security hazard?
I don't think this has anything to do with Postgres specifically but I
could recommend you set something up with XUF (ExUserFolder) which would
store the passwords encrypted - you use whatever system you like.
Charlie