[Zope] Re: Question about Zope and security
Chris Withers
chris at simplistix.co.uk
Thu Mar 30 02:31:42 EST 2006
Tino Wildenhain wrote:
> Cyrille Bonnet wrote:
>> Hi Terry,
> ...
>> Sorry, I wasn't even aware that Zope stores the passwords in plain text.
>> My primary concern (for the moment) is passwords in plain text in the
>> request.
>
> No it does not. The default userfolder stores passwords hashed.
What userfolder are you referring to?
Both Zope's default user folder and cookie crumbler both store the
password base64 encoded, not hashed, there's a big difference.
That said, it's a config option per user folder as to whether or not
password are stored encrypted in the ZODB.
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Zope
mailing list