[Zope3-dev] possible bug in z.a.password?
Dmitry Vasiliev
dima at hlabs.spb.ru
Sat Apr 21 04:57:07 EDT 2007
Adam Groszer wrote:
> Using the current trunk I experienced that using the PAU with a user
> folder and users passwords stored with MD5, entering accented
> characters as passwords causes an exception. That happens either at
> adding the principal or at Z3's stock login form.
>
> I think this is not my fault, but could somebody crosscheck that please?
>
> Traceback from the login form, I entered "éá" as password:
> File "U:\zope\svn_zope34\src\zope\publisher\publish.py", line 130, in publish
> File "U:\zope\svn_zope34\src\zope\app\authentication\password.py", line 77, in
[skip]
> encodePassword
> return md5.new(password).hexdigest()
> UnicodeEncodeError: 'ascii' codec can't encode characters in position 0-1: ordin
> al not in range(128)
Ugh, my bad I didn't notice that passwords may be Unicode strings. I
think password should be encoded to UTF-8 before processing but I don't
know that to do with backward compatibility. As an option we can
introduce new Unicode-aware password managers. Opinions?
--
Dmitry Vasiliev <dima at hlabs.spb.ru>
http://hlabs.spb.ru
More information about the Zope3-dev
mailing list