17 Aug
2007
17 Aug
'07
7:30 a.m.
So it would be nice to have some kind of password
object or something that always does some kind of one-way encryption
on the passwords (e.g. using MD5).
Pier never stored passwords as plain text. It is using SHA to
generate a hash number that is then stored in the user object.
It would be nice as well for something to do the whole
password
recovery stage as well, since this always works the same: user clicks
a link, gets an email forwarded that points to a secure site where
they can type in a new password, since passwords are not recoverable.
That's easily doable (see for example SqueakSource), the only problem
is that a Pier User doesn't include an e-mail address right now.
Lukas
--
Lukas Renggli
http://www.lukas-renggli.ch