[Grok-dev] Password encryption in grokproject generated site.zcml (bug #160196)

Uli Fouquet uli at gnufix.de
Tue Mar 11 09:11:30 EDT 2008


Hi there,

the bug #160196 (grokproject stores password in plaintext in site.zcml)
has been waiting for care for a few months now. See

	https://bugs.launchpad.net/grok/+bug/160196

To sum it up, it targets the question whether (and how) the site.zcml
generated by grokproject should store the admin password encrypted.

It _is_ of course possible to change grokproject in such a way that the
password is stored SHA-1 encrypted, which could make deployment of
grokproject-generated sites more secure. It would touch only newly
generated sites/projects.

My question: could that break any other stuff? What about WSGI/repoze
for example? Is there a use case where the password has to be plain
text (besides obliviousness of site maintainers)?

Kind regards,

-- 
Uli
