[Zope-dev] Plain-text passwords in your ZODB

Andreas Jung lists at zopyx.com
Thu Dec 16 14:39:40 EST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Marius Gedminas wrote:
> So, did you know that by default Zope stores a copy of every user's
> username and password in your ZODB, in plain text, on every login that
> uses forms and sessions (rather than HTTP basic auth)?

By "Zope" you mean Zope 3, ZTK, Bluebream ...?

Andreas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQGUBAEBAgAGBQJNCmr8AAoJEADcfz7u4AZjECgLwMBt7xcFw/WmgM3I6NtahSTI
OOQtb/lfg4MLIO4cpncdaISZCa6+g0JHgluDWNTtwwsP9t2FwAIWW/xSDqh6l8Ex
fh0BTd3za2LZBp3p6bkxqFq6PZwEw7kBnEX9T6N0R4dKTeBeKhWl3TGA9dmjlYzI
Tmy9nJp2qUN0svhVuRt/Ezvwl3ag36r6v6Hn3XVMGQOkAq4BOuXFeTugnlcSQ9dA
FfntsK1USQ7XiIxV/7vYGEiJYgoVAjVFGPzmpSfaIlyKTh/rLpbHn0J+Wom52ARx
1/JvWZ5gE+zkWT6WD+urNtw98wbJsF0LB4IxakahCfagBur/sowLZyKUomcUFRQB
EyeW3+9SBL0ZV8Zju4q6iV0SPUkDJUewIfWIpvzi50Tc3SdcwJXl/YKXRk3a1S7P
M6yH0fKfxPzwKl5F2Quttul8lI58ZlNX/UCBhbuq+5AoTJL3/+DboiRAqR1BMvcR
gz26Seni3bXJPZ4BjIgNsRUPu5cusAA=
=f+jf
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lists.vcf
Type: text/x-vcard
Size: 316 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope-dev/attachments/20101216/1cc88280/attachment.vcf 


More information about the Zope-Dev mailing list