[Zope] Re: Question about Zope and security

Tino Wildenhain tino at wildenhain.de
Thu Mar 30 04:48:43 EST 2006


Chris Withers schrieb:
> Tino Wildenhain wrote:
> 
>> Cyrille Bonnet wrote:
>>
>>> Hi Terry,
>>
>> ...
>>
>>> Sorry, I wasn't even aware that Zope stores the passwords in plain text.
>>>  My primary concern (for the moment) is passwords in plain text in the
>>> request.
>>
>>
>> No it does not. The default userfolder stores passwords hashed.
> 
> 
> What userfolder are you referring to?
> 
> Both Zope's default user folder and cookie crumbler both store the 
> password base64 encoded, not hashed, there's a big difference.
> 
Well, not that cookie crumbler stores any passwords anyway .-)
The checkbox is there for a long time. I might have read about
that its default now or just hallucinated ;)

++Tino


More information about the Zope mailing list