[Zope-PTK] Proposal: password policy change

Fabio Forno sciasbat@inorbit.com
Wed, 23 Aug 2000 12:40:34 +0200


While integrating the PortalMembership system I had to deal with a different
password policy: PM stores encrypted passwords and obviously doesn't have a
getPassword method, which is useless in this case. To handle the
mail_password_form, it sidesteps the problem of reading the password by
generating a new password and replacing the old one. I think this is the most
secure way to handle passwords and should also be implemented in the standard
PTK portal_registration. We just need to eliminate the getPassword method
and modify the mailPassword method (I propose renaming it mailNewPassword)
in order to:
1) generate a new pwd
2) set it 
3) mail it

I don't think other membership systems will be affected this way
(they just have to change the way they check passwords if they do a mere
comparison with non-encrypted passwords), and this will allow PM to be
integrated using the registration_tool (at present, to get PM working,
I have bypassed it).


ByE,
FF
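
The three-step reset proposed in the message above, as an added example that is not part of the original post and is not PTK or PortalMembership code. `MemberStore`, `mail_new_password` and the `send` callback are hypothetical names, and PBKDF2 is an assumed choice for the stored hash.

```python
import hashlib
import hmac
import secrets
import string
from email.message import EmailMessage

ALPHABET = string.ascii_letters + string.digits


class MemberStore:
    """Hypothetical membership source that keeps only salted hashes.

    There is deliberately no get_password(): the cleartext is never stored.
    """

    def __init__(self):
        self._members = {}  # member id -> (email, salt, password hash)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def set_password(self, member_id, password, email=None):
        # Fresh salt on every change; email is only required for new members.
        email = email or self._members[member_id][0]
        salt = secrets.token_bytes(16)
        self._members[member_id] = (email, salt, self._hash(password, salt))

    def check_password(self, member_id, candidate):
        # Hash the candidate and compare in constant time.
        _, salt, stored = self._members[member_id]
        return hmac.compare_digest(stored, self._hash(candidate, salt))

    def email_of(self, member_id):
        return self._members[member_id][0]


def mail_new_password(store, member_id, send):
    """1) generate a new password, 2) set it, 3) mail it."""
    new_pw = "".join(secrets.choice(ALPHABET) for _ in range(16))
    store.set_password(member_id, new_pw)
    msg = EmailMessage()
    msg["To"] = store.email_of(member_id)
    msg["Subject"] = "Your new password"
    msg.set_content(f"A new password was generated for {member_id}: {new_pw}\n")
    send(msg)  # assumed mail transport, e.g. a wrapper around smtplib
    return msg
```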