[Zope] Re: Question about Zope and security
Tino Wildenhain
tino at wildenhain.de
Thu Mar 30 04:48:43 EST 2006
Chris Withers schrieb:
> Tino Wildenhain wrote:
>
>> Cyrille Bonnet wrote:
>>
>>> Hi Terry,
>>
>> ...
>>
>>> Sorry, I wasn't even aware that Zope stores the passwords in plain text.
>>> My primary concern (for the moment) is passwords in plain text in the
>>> request.
>>
>>
>> No it does not. The default userfolder stores passwords hashed.
>
>
> What userfolder are you referring to?
>
> Both Zope's default user folder and cookie crumbler both store the
> password base64 encoded, not hashed, there's a big difference.
>
Well, not that cookie crumbler stores any passwords anyway .-)
The checkbox is there for a long time. I might have read about
that its default now or just hallucinated ;)
++Tino
More information about the Zope
mailing list