[Zope-DB] Plaintext Password Concerns

Charlie Clark charlie@begeistert.org
Thu, 15 May 2003 22:05:57 +0200

On 2003-05-15 at 22:00:41 [+0200], David A. Riggs wrote:
> Our University would like to give out Zope accounts for groups of 
> students so they may experiment and work on various projects. One key 
> feature that people would like to use is connectivity to a PostgreSQL 
> database.
> We take security very seriously and would like some way around storing 
> plaintext passwords in the connection strings for the Psycopg Database 
> Connectors. Has anyone come up with some alternative to this or a 
> solution to this possible security hazard?

I don't think this has anything to do with Postgres specifically but I 
could recommend you set something up with XUF (ExUserFolder) which would 
store the passwords encrypted - you use whatever system you like.