[Zope] Major security flaw in Zope 2.3.2

Evan Simpson evan@4-am.com
Thu, 7 Jun 2001 10:39:28 -0400


From: "Jerome Alet" <alet@unice.fr>
> so why not make it an option (not reversible) which would default to the
> safe "passwordhash=YES", and which would allow computationally intensive
> sites (many authenticated requests a day) to disable it knowingly after
> having properly secured access to Data.fs AND Data.fs.old

Don't tell me, I'll just nod wisely and forget five seconds later ;-)

Tell
http://dev.zope.org/Wikis/DevSite/Proposals/EncryptedUserfolderPasswordsDiscussion.

Cheers,

Evan @ digicool & 4-am