Zope password problem

Mathias Magdowski Magdowski at t-online.de
Mon Sep 25 16:57:10 EDT 2000 

Hello,

I think the problem with the passwords is away and now at first I will read
the tutorial. If I have further questions I will write back. Thanks for your
advice.


--
                        Mathias Magdowski

e-mail: Magdowski at t-online.de
web: http://home.t-online.de/home/magdowski
fon: 039201/20266
fax: 039201/20283
data: 039201/20283 (login: guest, protocol: Eurofile)
Tres Seaver <tseaver at starbase.neosoft.com> schrieb in im Newsbeitrag:
FF4D80662ED37767.0D459A84B1176962.7D8E10DA99F52C0F at lp.airnews.net...
> In article <8qkn86$oho$14$1 at news.t-online.com>,
> Mathias Magdowski <Magdowski at t-online.de> wrote:
> >Hello,
> >
> >I'm using
> >Zope Version: Zope 2.2.0 (binary release, python 1.5.2, win32-x86)
> >Python version: 1.5.2 (#0, Jul 30 1999, 09:52:18) [MSC 32 bit (Intel)]
> >System Platform: win32
> >on my Win98 computer and I have the following problem:
> >If I add a user with a passwort and save this user, I can't login with
this
> >username and password.
> >If I login as superuser and click again on this user, there a password
with
> >9 * and a confirm password with 8 *. Why doesn't Zope save the correct
> >passwords?
>
> This behavior isn't a bug -- it's a feature.  If you do a "View | Source"
> on the "/acl_users/manage_userForm" page, you'll see that the contents
> of the password input widget are "password", and the confirm widget,
> "confirm";  if you submit the form with those values, Zope won't
> overwrite the existng password (but will make other changes, to roles
> and domains).  The other choices were:
>
>  * Put nothing at all in the two widgets;  this choice either makes it
>    impossible to create a user with no password, which can be useful when
>    combined with the 'domains' bit, or else requires that you reset the
>    password in order to change roles/domains.
>
>  * Put the actual password in both widgets;  since I just pointed you
>    at the "View | Source" bit above, it should be clear that this is
>    bad practice;  administrators should be able to reset users passwords,
>    but not to read them.
>
> The Zope collector has an existing bug on the (unnecessary) coupling
> between password setting and role/domain setting.
>
> Tres.
> --
> ===============================================================
> Tres Seaver                                tseaver at digicool.com
> Digital Creations     "Zope Dealers"       http://www.zope.org

More information about the Python-list mailing list