renggli at iam.unibe.ch
Fri Aug 17 07:30:19 MEST 2007
> So it would be nice to have some kind of password
> object or something that always does some kind of one-way encryption
> on the passwords (e.g. using MD5).
Pier never stored passwords as plain text. It is using SHA to
generate a hash number that is then stored in the user object.
> It would be nice as well for something to do the whole password
> recovery stage as well, since this always works the same: user clicks
> a link, gets an email forwarded that points to a secure site where
> they can type in a new password, since passwords are not recoverable.
That's easily doable (see for example SqueakSource), the only problem
is that a Pier User doesn't include an e-mail address right now.
More information about the smallwiki