[Zope] UserDb extensions
Rob Page
rob.page@digicool.com
Thu, 20 May 1999 17:08:46 -0400
Hi Ross:
> I've already sent a note to the DC guys about this, but they're all busy
> having fun at the Expo,
Not me... <sniff><sniff>...
I'm stuck here answering phones :^)
> so I thought I'd let the rest of you know, as well. I've been using the
> UserDb unsupported product, and like it. However, I've been bothered by
> seeing my users' cleartext passwords in the db, so I added crypt hashed
> storage to the UserDb product. This will allow the use of unix 'passwd'
> style passwords (also used by apache for .htpasswd files) in the
> database. It also gives a modicum of security if your db backend is on a
> different machine from the Zope install, so the passwords don't travel
> around in the clear in the SQL queries.
Absolutely, yeah! In fact, due to our recent and thorough exposure to
LDAP I foresee a day, in the not-too-distant future, when all user
folderish stuff will let you, depending on underlying support, hash
passwords with nothing, crypt, MD5, or SHA as a config parameter of the
user folder.
--Rob
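
The following is an added example, not part of the original message and not UserDb's code: a sketch of a user folder whose hash scheme is a config parameter, showing that only the user name and the stored hash ever reach the SQL backend. The class name `HashedUserFolder`, the table layout and the LDAP-style `{SCHEME}` prefix are assumptions; crypt is omitted because Python no longer ships a `crypt` module.

```python
import base64, hashlib, hmac, sqlite3

# Scheme names follow the reply's list; crypt(3) is left out because the
# stdlib crypt module was removed in Python 3.13.
DIGESTS = {"MD5": hashlib.md5, "SHA": hashlib.sha1}

def encode_password(password, scheme):
    """Return the value to store for `password` under `scheme`."""
    if scheme == "NONE":
        return password  # cleartext, the behaviour the post set out to replace
    digest = DIGESTS[scheme](password.encode("utf-8")).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest).decode("ascii"))

class HashedUserFolder:
    """Hypothetical user folder whose hash scheme is a config parameter."""

    def __init__(self, conn, scheme="SHA"):
        if scheme != "NONE" and scheme not in DIGESTS:
            raise ValueError("unsupported scheme: %r" % scheme)
        self.conn, self.scheme = conn, scheme
        self.sent = []  # every (sql, params) pair handed to the DB backend
        self._run("CREATE TABLE IF NOT EXISTS users (name TEXT PRIMARY KEY, pw TEXT)")

    def _run(self, sql, params=()):
        self.sent.append((sql, params))
        return self.conn.execute(sql, params)

    def add_user(self, name, password):
        self._run("INSERT INTO users VALUES (?, ?)",
                  (name, encode_password(password, self.scheme)))

    def authenticate(self, name, attempt):
        # Only the user name goes to the backend; the comparison is local.
        row = self._run("SELECT pw FROM users WHERE name = ?", (name,)).fetchone()
        if row is None:
            return False
        expected = encode_password(attempt, self.scheme)
        return hmac.compare_digest(row[0].encode("utf-8"), expected.encode("utf-8"))

def demo():
    folder = HashedUserFolder(sqlite3.connect(":memory:"), scheme="SHA")
    folder.add_user("ross", "s3cret")  # constructed sample credentials
    ok = folder.authenticate("ross", "s3cret")
    bad = folder.authenticate("ross", "guess")
    leaked = any("s3cret" in str(p) for _, params in folder.sent for p in params)
    return ok, bad, leaked

if __name__ == "__main__":
    print(demo())
```

The digests here are unsalted, so identical passwords produce identical rows and a leaked table can be guessed offline; a salted, deliberately slow scheme closes that gap.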