[Zope] User Folder default behavior

Charlie Reiman creiman@kefta.com
Tue, 20 Aug 2002 11:10:05 -0700


Okay. That seems reasonable. But it brings up a second question: Is it
supposed to work?

I turned on encrytption, then clicked on "update passwords". I was then
completely unable to sign on with any of those accounts. I had to create the
emergency user, turn off encryption, and change the user passwords to force
them to store as clear text again.

I've done this on two different servers so far with identical results (both
2.5.1). Does anyone have this turned on and working?

> -----Original Message-----
> From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Chris
> McDonough
> Sent: Tuesday, August 20, 2002 10:53 AM
> To: Charlie Reiman; zope@zope.org
> Subject: Re: [Zope] User Folder default behavior
>
>
> This is a backwards compatibility measure, from what I remember...
>
> ----- Original Message -----
> From: "Charlie Reiman" <creiman@kefta.com>
> To: <zope@zope.org>
> Sent: Tuesday, August 20, 2002 12:49 PM
> Subject: [Zope] User Folder default behavior
>
>
> > I just noticed the default option for the stock User Folder is to
> not
> > encrypt passwords.
> >
> > Why? Shouldn't any web server that gets exposed to the real world
> error on
> > the side more security and less convenience?
> >