[Zope] Sending Zope Passwords.

Tino Wildenhain tino@wildenhain.de
Wed, 18 Jul 2001 23:47:50 +0200


Hi jleach,

If you have to ask, the answer might not be so valuable
for you ;)
Zope's acl_user folder, which is the standard, supports
HTTP Basic Authentication as of RFC 2616.
This means the username/password is not encrypted in the
HTTP session, rather it is obfuscated using base64 encoding.

The storage in the object database is encrypted using SHA
hashing. (At least last time I checked this)

Does this help you?

You can use any other authentication mechanism, if you use
a different User-Folder and/or implement it yourself
(and hope your clients do as well)

Most common practice is using Apache (or Squid 2.5) as an SSL proxy
in front of Zope.

HTH
Tino Wildenhain

--On Wednesday, 18 July 2001 14:20 -0700 "Jason C. Leach" 
<jleach@drivingbeat.com> wrote:

> hi,
>
> how are Zope passwords transmitted? Secure or UN-secure?
>
> j.
> --
> ......................
> ..... Jason C. Leach
> ..
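
An added example, not part of the original message or of Zope's code: it decodes an HTTP Basic Authorization header to show the base64 step is reversible, contrasts that with a one-way SHA digest, and flags requests that carried Basic credentials without TLS. The request records, function names and the choice of SHA-1 are assumptions made for illustration.

```python
import base64
import binascii
import hashlib


def parse_basic(header):
    """Return (user, password) from a Basic Authorization header, else None."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed token: not usable credentials
    user, sep, password = decoded.partition(":")  # password may itself contain ':'
    return (user, password) if sep else None


def sha_digest(password):
    """One-way digest. SHA-1 is an assumption; the message only says 'SHA'."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def exposed_logins(requests):
    """User names whose Basic credentials crossed a hop without TLS."""
    found = set()
    for req in requests:
        creds = parse_basic(req.get("authorization", ""))
        if creds and req["scheme"] != "https":
            found.add(creds[0])
    return sorted(found)


# Constructed sample requests (not real traffic).
SAMPLE = [
    {"scheme": "http", "authorization": "Basic " + base64.b64encode(b"jdoe:example-pass").decode()},
    {"scheme": "https", "authorization": "Basic " + base64.b64encode(b"admin:other-pass").decode()},
    {"scheme": "http", "authorization": ""},
    {"scheme": "http", "authorization": "Basic !!!not-base64"},
]

if __name__ == "__main__":
    print(parse_basic(SAMPLE[0]["authorization"]))  # header decodes back to clear text
    print(sha_digest("example-pass"))               # digest does not decode back
    print(exposed_logins(SAMPLE))                   # accounts to treat as exposed
```

Only the request sent over plain HTTP is reported; the same header behind the SSL proxy is not.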