[Zope-PAS] PAS Password Encryption

Andreas Pauley apauley at gmail.com
Mon May 15 02:37:29 EDT 2006

Hi all,

I'm trying to add encryption to my PlonePAS site for use in SQLPASPLugin

Is there a central place where one can intercept all user-entered 
passwords and encrypt them before they arrive at the authetication plugin?
If I can do that then a plugin like SQLPASPlugin wouldn't have to worry 
about encryption, it would merely receive the password and compare it 
against it's datasource.

I modified the extractCredentials() method in CookieAuthHelper.py to 
return a modified version of the credentials, and this worked fine for 
However, it didn't work when trying to change a password:
1) Plone asks a user to enter his/her existing password and it seems 
that my modified extractCredentials() isn't used when comparing the 
existing password with the one in my database.
2) If I bypass the above validation and change the password, the new 
password is the one as entered by the user (plaintext), not encrypted.

(I didn't test the adding of a new user)

My CookieAuthHelper modification isn't exactly ideal, because if another 
extraction plugin is suddenly used (eg credentials_basic_auth) then 
encryption won't happen.

What would be the best way to do this?

Andreas Pauley


"Merely having an open mind is nothing; the object of opening the mind,
as of opening the mouth, is to shut it again on something solid."
                                          -- GK Chesterton

More information about the Zope-PAS mailing list