[Zope] acl_users and encrypted passwords

Peter Bengtsson peter at fry-it.com
Fri Aug 7 11:10:14 EDT 2009


No, it's different every time.

Consider this::

    def _doAddUser(self, name, password, roles, domains, **kw):
        """Create a new user"""
        ...
        if password is not None and self.encrypt_passwords:
            print "\tself._encryptPassword('word')=",
repr(self._encryptPassword('word'))
            print "\tself._encryptPassword('word')=",
repr(self._encryptPassword('word'))
            print "\tself._encryptPassword('word')=",
repr(self._encryptPassword('word'))

When running this you get this output::

 	self._encryptPassword('word')= '{SSHA}dxZSdvO5CiaMbDuCC0mAreI0R6nqc5RyYFGo'
	self._encryptPassword('word')= '{SSHA}pup1PWzONwMnGXk/itXd6rhySF8MOuI57SO6'
	self._encryptPassword('word')= '{SSHA}HGRxMfi9J7uGK8tfHvuMWfIbNghvu+Z2hb7a'



2009/8/7 Andreas Jung <lists at zopyx.com>:
> On 07.08.09 16:26, Peter Bengtsson wrote:
>> When you encrypt your passwords in an acl_users User Folder, is there
>> a way to check that the old password is correct?
>> I'm building an app that allows the user to change her password with
>> the usual form of:
>>   Old: ________
>>   New: ________
>>   Confirm: ________
>>
> You has the 'old' password using the same algorithm and compare it
> against the stored password hash. Look the AccessControl API of Zope.
>
> -aj
>
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )
>
>



-- 
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com
fun crosstips.org


More information about the Zope mailing list