[Zope] Re: Zope digest, Vol 1 #616 - 60 msgs
Chris McDonough
chrism@digicool.com
Mon, 07 Feb 2000 18:30:10 -0500
BTW, I'm not fixing it, it's in the collector... to be fixed. When?
Good question.
Chris McDonough wrote:
>
> Tres Seaver wrote:
> Yep, I agree... that's why I said I wasn't sure if it wasn't a feature.
> But it interferes with the administrator assigning new roles to a user
> if he doesn't have the user's password, which needs to be fixed.
>
> >
> > > From:
> > > Organization: Digital Creations
> > > To: "Cornelis J. de Brabander" <brabander@fsw.LeidenUniv.nl>
> > > CC: zope <zope@zope.org>
> > > Subject: Re: [Zope] upgrading to 2.1.3 and acl_users
> > >
> > > Cornelis,
> > >
> > > I noticed this too the other day.
> > >
> > > It's a form problem. It's not a serious issue, just that the form that
> > > comes with 2.1.3 (and 2.1.2, and maybe even 2.1.0) for editing users
> > > doesn't have the proper DTML to show the old username and password. I'm
> > > not even sure that this wasn't a feature.
> > >
> > > I will either fix it or put it in the collector soon.
> >
> > NOOOOOOOO! It was an awful security hole to echo the existing password out to
> > the User edit form -- please don't put it back! Think about it -- on a Unix
> > system, even root can't read another user's password, but only reset it. This is
> > the Right Thing (TM) for Zope to do.
> >
> > >
> > > "Cornelis J. de Brabander" wrote:
> > > >
> > > > Hi,
> > > > I have performed an upgrade from 2.0.0 to 2.1.3. (Windows NT) by copying
> > > > the data.fs.* to the var directory of the new Zope install. Both services
> > > > were stopped during copy. All went well, but in all acl_users folders the
> > > > passwords appear to have disappeared: in the manage screen of acl_users, the
> > > > password and confirm fields are empty. However, the site functions as it
> > > > should: where required access is only granted after inputting the original
> > > > password that belonged to a user in the 2.0.0-version. Does anybody have a
> > > > clue about what could have happened, respectively whether this is a
> > > > forerunner of trouble?
> > > > cb
> >
> > --
> > =========================================================
> > Tres Seaver tseaver@palladion.com 713-523-6582
> > Palladion Software http://www.palladion.com
>
> --
> Chris McDonough - Digital Creations, Inc.
> Publishers of Zope - http://www.zope.org
--
Chris McDonough - Digital Creations, Inc.
Publishers of Zope - http://www.zope.org
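
An added example, not part of the original thread and not Zope's own code: one way a user edit form can satisfy both points raised above, never echoing the stored password while still letting an administrator change roles without knowing it. All names (render_edit_form, apply_edit, the user record layout, the PBKDF2 parameters) are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password, salt=None):
    """Return salt + PBKDF2 digest; only this value is ever stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt + digest


def check_password(stored, password):
    """Constant-time comparison of a login attempt against the stored value."""
    salt = stored[:16]
    return hmac.compare_digest(hash_password(password, salt), stored)


def render_edit_form(user):
    """Values sent to the browser: the password inputs are always empty."""
    return {"name": user["name"], "password": "", "confirm": "",
            "roles": sorted(user["roles"])}


def apply_edit(user, form):
    """Apply a submitted edit form; blank password fields mean 'keep current'."""
    password = form.get("password", "")
    confirm = form.get("confirm", "")
    if password or confirm:
        if password != confirm:
            raise ValueError("password and confirm do not match")
        user["pw_hash"] = hash_password(password)  # reset only, never read back
    user["roles"] = set(form.get("roles", []))
    return user


# Constructed sample record: the admin adds a role without knowing the password.
user = {"name": "cb", "pw_hash": hash_password("original"), "roles": {"Member"}}
form = render_edit_form(user)
form["roles"] = ["Manager", "Member"]
apply_edit(user, form)
```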