[Zope] Security: acl_users' passwds encrypted?

Brian Lloyd brian@digicool.com
Thu, 8 Feb 2001 14:17:38 -0500


> Even using Cookie mode authentication with the LoginManager product,
> the user/password data is merely base64 encoded (not encrypted).
> 
> Someday I'd like to get a challenge/response authentication going, where
> the server sends a one-time challenge value and the client/browser
> uses MD5 (via javascript) to hash the user's password combined with
> that one-time code.  This works great in PHPlib.  But I don't
> understand the architecture of LoginManager well enough yet to hack
> it.

Better yet, wider client support for HTTP Digest authentication
(a standards-based equivalent to the above).

Brian Lloyd        brian@digicool.com
Software Engineer  540.371.6909              
Digital Creations  http://www.digicool.com