[Zope] Major security flaw in Zope 2.3.2
Brian Lloyd
brian@digicool.com
Wed, 6 Jun 2001 14:22:28 -0400
> On Wed, Jun 06, 2001 at 08:41:06AM -0500, Farrell, Troy wrote:
> > security system from the filesystem. These passwords should not be
> > cleartext any more than you would select the cleartext option for your
> > inituser or access file.
>
>
> The patch should be a one (or two) liner (although I've not
> verified) and should be transparent for everyone.

Hi folks -

There has been a proposal by Ross Lazarus about this since
Jan. 28, 2001:

http://dev.zope.org/Wikis/DevSite/Proposals/EncryptedUserfolderPasswords

It is a little more than a 2 or 3 line patch; please read what's
already there, add your comments, help us to work out the
conversion issues, and help us get a sense of priority for this.

It is rather dispiriting to see a "shocking major security flaw!"
thread about something that has been quite visible in the proposals
area for nearly 6 months. :(

Please let me know if you have ideas for improvements we can make
to the fishbowl to encourage more people to use it.

Brian Lloyd brian@digicool.com
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com