[Zope-dev] PAS, AuthEncoding and zope.password
Tres Seaver
tseaver at palladion.com
Fri Feb 18 16:48:37 EST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/18/2011 04:19 PM, Martijn Pieters wrote:
> I was looking into bcrypt[1] support for PAS I found z3c.bcrypt, which
> implements zope.password compontents (named utilities).
>
> PAS, however, uses Zope2's AccessControl.AuthEncoding module to handle
> password encryption / hashing schemes. Now, while AuthEncoding
> certainly supports extending the available schemes, it does need
> additional glue-code to be able to reuse zope.password components.
> Moreover, we now have two places to maintain the various hashing and
> encryption schemes.
>
> We should at the very least convert PAS to use zope.password instead
> of AccessControl.AuthEncoding. With that change it is then at least
> trivial to support bcrypt as well, you simply install the additional
> z3c.bcrypt egg and be done with it. But would it make sense to convert
> Zope2 itself as well? We could make the AuthEncodings module simply a
> proxy (with deprecation warnings if need be) for zope.password
> components.
>
> Any objections to reworking both AuthEncoding and PAS?
- -1 to any deprecation warnings; +0 otherwise.
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1e6TUACgkQ+gerLs4ltQ7M6ACgpYmHdAFTuTb8M+aoGQFuIzza
waIAn2AHG4xx/0wAe2ZE2Q2izgXPFPrK
=7sQ8
-----END PGP SIGNATURE-----
More information about the Zope-Dev
mailing list