[Zope-PTK] DISCUSS: Why Zope.org has soft cookies

Shalabh Chaturvedi shalabh@pspl.co.in
Mon, 17 Jan 2000 23:18:11 +0530


Amos Latteier wrote:

...                   <snipped>
>
> > I imagine that we should provide some knobs to let portal
> > owners choose
> > different policies, but I think the default should be like
> > other sites.
>
> This sounds reasonable. I'm not sure if other sites in general work the
> way you assert, but nonetheless it sounds like a friendlier solution
> for the user.

Now I think I have wandered aimlessly enough on the web to comment on that one
;-)
Yes, most sites do give you a cookie so that you don't have to login again but
they allow you to disable that feature. They have a checkbox on the first
login page which says "Remember my Password" so that you know what you are
doing. There's also a "what's this" link next to the checkbox to explain
things.

> However, I can imagine a case where the user's cookie gets lost for one
> reason or another (for example, they change browsers) and if they are
> not used to logging in, they will most likely not remember their
> password. At this point they'll need to mail themselves their password.
> Not a big deal I guess.

Does this mean that the passwords are stored as plaintext in Zope? Many users
(including me) don't like the servers to store the passwords in plaintext. I
fear that if the security of the passwords file is compromised, my password
is out - and I don't like that. Also because I know that hackers know that
people typically use the same password for a number of sites. I don't even
want the admin to know my password (sure, even if it's encrypted he can change
my password, but he wouldn't know what password I used).
The way the lost password problem is solved with encrypted passwords is that
the server changes the user's password to a randomly generated string which it
also emails to the user.

~Shalabh
---------------------------------------------------------------
"We are all in the gutter,
but some of us are looking at the stars"
-Oscar Wilde
---------------------------------------------------------------
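The password handling Shalabh describes above, as an added example that is not part of the original post and not Zope code: a user store that keeps only a salt and a PBKDF2 hash per user (so a leaked password file does not hand over the password itself), a login check that compares in constant time, and a "lost password" routine that replaces the stored hash with one for a freshly generated random string and hands that string to the mailer. The class and method names, the iteration count and the in-memory outbox standing in for a mail server are all my own assumptions.

```python
"""Added example, not code from Zope or from the thread. Demonstrates the
scheme described in the post: the server stores salted password hashes
only, and a lost password is handled by generating a new random password,
storing its hash, and emailing the cleartext to the user once."""
import hashlib
import hmac
import os
import secrets
from typing import Dict, List, Optional, Tuple

# Assumption: work factor for PBKDF2-HMAC-SHA256; raise it for production.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


class UserStore:
    """Hypothetical account store; the cleartext password is never retained."""

    def __init__(self) -> None:
        # username -> (salt, derived key)
        self._users: Dict[str, Tuple[bytes, bytes]] = {}
        # Constructed stand-in for a mail server: (recipient, body) pairs.
        self.outbox: List[Tuple[str, str]] = []

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
        )

    def set_password(self, username: str, password: str) -> None:
        # Fresh random salt per password, so equal passwords hash differently.
        salt = os.urandom(SALT_BYTES)
        self._users[username] = (salt, self._derive(password, salt))

    def verify(self, username: str, password: str) -> bool:
        record = self._users.get(username)
        if record is None:
            # Do the same amount of work for unknown users so a failed login
            # does not reveal whether the account exists by timing.
            self._derive(password, b"\x00" * SALT_BYTES)
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._derive(password, salt))

    def reset_password(self, username: str, email: str) -> Optional[str]:
        """The lost-password flow from the post: the server cannot recover the
        old password, so it replaces it with a random one and mails that."""
        if username not in self._users:
            return None
        new_password = secrets.token_urlsafe(12)
        self.set_password(username, new_password)
        self.outbox.append((email, f"Your new password is: {new_password}"))
        return new_password

    def leaked_file(self) -> Dict[str, Tuple[str, str]]:
        """What an attacker gets from a compromised password file: per user
        only the hex salt and hex hash, never the password."""
        return {u: (s.hex(), k.hex()) for u, (s, k) in self._users.items()}


if __name__ == "__main__":
    store = UserStore()
    store.set_password("shalabh", "hunter2")
    print("login ok:", store.verify("shalabh", "hunter2"))
    print("leaked file:", store.leaked_file())
    fresh = store.reset_password("shalabh", "shalabh@example.com")
    print("old password still works:", store.verify("shalabh", "hunter2"))
    print("mailed:", store.outbox[-1])
```

Two points worth noting when adapting this: the random password is only ever in cleartext in the one email, and the old password stops working the moment the reset runs, so an attacker who merely reads the password file gets nothing they can log in with. Mailing a new password at all is what the post proposes; the more common modern variant is to mail a short-lived, single-use reset token instead, which avoids having a working credential sit in someone's mailbox.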