[Zope-PAS] PAS Password Encryption
Andreas Pauley
apauley at gmail.com
Mon May 15 02:37:29 EDT 2006
Hi all,

I'm trying to add encryption to my PlonePAS site for use in SQLPASPlugin
(https://svn.plone.org/svn/collective/PASPlugins/SQLPASPlugin/).

Is there a central place where one can intercept all user-entered
passwords and encrypt them before they arrive at the authentication plugin?
If I can do that then a plugin like SQLPASPlugin wouldn't have to worry
about encryption, it would merely receive the password and compare it
against its datasource.

I modified the extractCredentials() method in CookieAuthHelper.py to
return a modified version of the credentials, and this worked fine for
authentication.

However, it didn't work when trying to change a password:

1) Plone asks a user to enter his/her existing password and it seems
that my modified extractCredentials() isn't used when comparing the
existing password with the one in my database.

2) If I bypass the above validation and change the password, the new
password is the one as entered by the user (plaintext), not encrypted.

(I didn't test the adding of a new user)

My CookieAuthHelper modification isn't exactly ideal, because if another
extraction plugin is suddenly used (e.g. credentials_basic_auth) then
encryption won't happen.

What would be the best way to do this?

Regards,
Andreas Pauley
--
http://pauley.org.za/
"Merely having an open mind is nothing; the object of opening the mind,
as of opening the mouth, is to shut it again on something solid."
-- GK Chesterton
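
The behaviour described in the post above, as an added example that is not part of the original message and does not use the PAS API: a transform applied only in the extraction step covers login but not the change-password path, while hashing at the point where the datasource is read and written covers both. All class and function names and the sample user are hypothetical, and salted PBKDF2 is an assumed choice of hash.

```python
import hashlib, hmac, os

def extraction_transform(password):
    # Stand-in for the patched extraction step: deterministic, no per-user salt.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

class PlainStore:
    """Hypothetical datasource plugin that compares and stores what it is given."""
    def __init__(self):
        self.rows = {}
    def authenticate(self, login, password):
        return self.rows.get(login) == password
    def set_password(self, login, password):
        self.rows[login] = password

class HashingStore(PlainStore):
    """Same interface, but hashing happens where the datasource is read and written."""
    def authenticate(self, login, password):
        stored = self.rows.get(login)
        if stored is None:
            return False
        salt_hex, _, _ = stored.partition("$")
        return hmac.compare_digest(self._hash(password, bytes.fromhex(salt_hex)), stored)
    def set_password(self, login, password):
        self.rows[login] = self._hash(password, os.urandom(16))
    @staticmethod
    def _hash(password, salt, rounds=100_000):
        digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
        return salt.hex() + "$" + digest.hex()

def change_password_flow(store, login, new_password):
    # Constructed model of a change-password form: it calls the store directly,
    # so anything done only in the extraction step is skipped.
    store.set_password(login, new_password)

def demo():
    weak = PlainStore()
    weak.rows["alice"] = extraction_transform("old-secret")  # constructed sample row
    login_before = weak.authenticate("alice", extraction_transform("old-secret"))
    change_password_flow(weak, "alice", "new-secret")
    leaked_plaintext = weak.rows["alice"] == "new-secret"
    login_after = weak.authenticate("alice", extraction_transform("new-secret"))

    fixed = HashingStore()
    fixed.set_password("alice", "old-secret")
    change_password_flow(fixed, "alice", "new-secret")
    return {"weak_login_before": login_before, "weak_plaintext_stored": leaked_plaintext,
            "weak_login_after": login_after,
            "fixed_plaintext_stored": "new-secret" in fixed.rows["alice"],
            "fixed_login_after": fixed.authenticate("alice", "new-secret"),
            "fixed_old_rejected": not fixed.authenticate("alice", "old-secret")}
```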