[Zope] Security glitch on user-editing form
Alexander Staubo
alex@mop.no
Tue, 11 May 1999 23:25:40 +0200
Great; I'm sorry I wasn't aware of this.
Question: Do you need a module for NT authentication, or are you writing
this already? (In case you need contributions.)
Alexander Staubo
http://www.mop.no/~alex/
mailto:redhand@mop.no
>-----Original Message-----
>From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Rob
>Page
>Sent: 11. mai 1999 22:54
>To: 'Alexander Staubo'
>Cc: 'zope@zope.org'
>Subject: RE: [Zope] Security glitch on user-editing form
>
>
>> Any one-way encryption method will work, but why not modularized
>> authentication support? Something that would permit you to use anything
>
>Already there in user folders! :^) We happen to have implemented an
>internal Zope authentication/authorization database. Additionally, at:
>
>http://www.zope.org/Download/Unsupported
>
>there's an etcUserFolder (auth against /etc/passwd type files) and a
>UserDB (auth against an RDBMS) and sometime soon there might be an
>LDAPUserFolder based on something that smells a lot like an LDAP
>Database Adapter.
>
>> from one-way-encryption to Kerberos to LDAP, but not necessarily just a
>> fixed algorithm. LDAP is an interesting possibility, but I don't like
>> the idea of being stapled to LDAP -- it's overkill for most
>> installations.
>
>I agree totally! My _real_ question was, in the internal User Folder
>component, whether to store passwords a) in their original form or b)
>as a hash or c) as a selectable option ... Of course, the c) is
>probably the best answer!
>
>--Rob