Zope password problem

Tres Seaver tseaver at starbase.neosoft.com
Mon Sep 25 01:29:35 EDT 2000


In article <8qkn86$oho$14$1 at news.t-online.com>,
Mathias Magdowski <Magdowski at t-online.de> wrote:
>Hello,
>
>I'm using
>Zope Version: Zope 2.2.0 (binary release, python 1.5.2, win32-x86)
>Python version: 1.5.2 (#0, Jul 30 1999, 09:52:18) [MSC 32 bit (Intel)]
>System Platform: win32
>on my Win98 computer and I have the following problem:
>If I add a user with a password and save this user, I can't login with this
>username and password.
>If I login as superuser and click again on this user, there is a password with
>9 * and a confirm password with 8 *. Why doesn't Zope save the correct
>passwords?

This behavior isn't a bug -- it's a feature.  If you do a "View | Source"
on the "/acl_users/manage_userForm" page, you'll see that the contents
of the password input widget are "password", and the confirm widget,
"confirm";  if you submit the form with those values, Zope won't
overwrite the existing password (but will make other changes, to roles
and domains).  The other choices were:

 * Put nothing at all in the two widgets;  this choice either makes it
   impossible to create a user with no password, which can be useful when
   combined with the 'domains' bit, or else requires that you reset the 
   password in order to change roles/domains.

 * Put the actual password in both widgets;  since I just pointed you
   at the "View | Source" bit above, it should be clear that this is
   bad practice;  administrators should be able to reset users' passwords,
   but not to read them.

The Zope collector has an existing bug on the (unnecessary) coupling
between password setting and role/domain setting.

Tres.
-- 
===============================================================
Tres Seaver                                tseaver at digicool.com
Digital Creations     "Zope Dealers"       http://www.zope.org
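
Added example, not part of the original post and not Zope's own code: a minimal sketch of the placeholder scheme the reply describes, where the edit form is pre-filled with "password" / "confirm" and a submission that still carries those values changes roles and domains but leaves the stored password alone. The UserFolder class, its method names and the PBKDF2 storage are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Placeholder strings the post says are pre-filled in the two widgets.
PLACEHOLDER_PW, PLACEHOLDER_CONFIRM = "password", "confirm"

def _hash(password, salt):
    # Storage choice is an assumption; the post does not say how Zope stores it.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class UserFolder:
    """Hypothetical stand-in for a user store; not Zope's acl_users."""

    def __init__(self):
        self.users = {}

    def render_form(self, name):
        # Only placeholders reach the page, so "View | Source" reveals nothing.
        u = self.users[name]
        return {"password": PLACEHOLDER_PW, "confirm": PLACEHOLDER_CONFIRM,
                "roles": list(u["roles"]), "domains": list(u["domains"])}

    def save(self, name, password, confirm, roles, domains):
        u = self.users.setdefault(
            name, {"salt": None, "hash": None, "roles": [], "domains": []})
        # The placeholder pair differs from itself, so it can never be a
        # valid password/confirm submission and is safe to use as a marker.
        untouched = (password, confirm) == (PLACEHOLDER_PW, PLACEHOLDER_CONFIRM)
        if not untouched:
            if password != confirm:
                raise ValueError("password and confirmation do not match")
            u["salt"] = os.urandom(16)
            u["hash"] = _hash(password, u["salt"])  # empty password allowed
        u["roles"], u["domains"] = list(roles), list(domains)
        return not untouched  # True when the password was changed

    def check(self, name, password):
        u = self.users.get(name)
        if not u or u["hash"] is None:
            return False
        return hmac.compare_digest(u["hash"], _hash(password, u["salt"]))
```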


