13 Nov
2002
13 Nov
'02
10:59 p.m.
Dnia sro 13. listopad 2002 17:45, Boud Roukema napisal:
Hi Bartek, I think what you are saying is that the password used to modify a zwicky page could be read while it's passing through the net, and so other people could then use the password.
Here's my response if I've understood you correctly:
(1) the authorisation is handled by the server zope - we have "encrypt user passwords" enabled, so i think the passwords are... encrypted - if zope works as it says it does.
Not exactly. Encryption is only valid for storing password on the server's disk. But they are sent over network with open text. If we want encryption we have to run Secure Socket Layer as Bartek says.
TL