grokproject stores password in plaintext in site.zcml. this is bad for deployment

Bug #160196 reported by Martijn Faassen
Affects   Status         Importance   Assigned to   Milestone
grok      Fix Released   Wishlist     Uli Fouquet   1.0

Bug Description

grokproject currently stores a password in plaintext in site.zcml. When people worry about the security of this during deployment, we tell them "of course you should never DEPLOY grok this way". But we don't really have a good story for deploying Grok otherwise - not even a tutorial. So I propose we either let grokproject do the right thing to start with, or we at least provide a good story on what to do when deploying.

Changed in grok:
assignee: nobody → philipp-weitershausen
Revision history for this message
Philipp von Weitershausen (philikon) wrote : Re: [Bug 160196] grokproject stores password in plaintext in site.zcml. this is bad for deployment

On 5 Nov 2007, at 15:27 , Martijn Faassen wrote:
> grokproject currently stores a password in plaintext in site.zcml. When
> people worry about the security of this during deployment, we tell them
> "of course you should never DEPLOY grok this way". But we don't really
> have a good story for deploying Grok otherwise - not even a tutorial. So
> I propose we either let grokproject do the right thing to start with,

Which is... ?

> or we at least provide a good story on what to do when deploying.

Fine by me, but why exactly is this assigned to me? :)

Revision history for this message
Martijn Faassen (faassen) wrote :

> > or we at least provide a good story on what to do when deploying.
>
> Fine by me, but why exactly is this assigned to me? :)

You're the grokproject guy! Start a mailing list discussion about it.
Or I will. I don't know what the "right thing" to do here is either,
so let's figure it out. If we don't know what can we expect our users to do? :)

Revision history for this message
Noah Gift (noah-gift) wrote :

just a related note, I am up at 3:30, just having finished a grok app, thinking...hmmm..now how do I deploy this :) That would be a good thing to cover in beginner docs. I am going to go to sleep now, as I can ask a zope friend to help me tomorrow.

Noah Gift

Revision history for this message
Uli Fouquet (uli-gnufix) wrote :

What about simply storing an SHA-1 encrypted password?

I tried the attached patch, which works fine for me. The encryption is not too strong, because the salt is missing, but better than plain text.

todd (todd-infrae)
Changed in grok:
milestone: none → 1.0
Revision history for this message
Martijn Faassen (faassen) wrote :

Uli, I'm assigning this issue to you. We need to consider how people change their passwords - just generating a project with a password encrypted is one step, but we need a way for people to easily change their admin password, and document how they do it.

Revision history for this message
Uli Fouquet (uli-gnufix) wrote :

Okay, I'll care for this. Not much response/objections to my question on the list, so I will do it as explained there.

Revision history for this message
Uli Fouquet (uli-gnufix) wrote :

I think this is not a real bug, so I declare it a wishlist item.

Revision history for this message
Uli Fouquet (uli-gnufix) wrote :

Added a wrapper for zope.app.server.zpasswd which is installed in bin/zpasswd of new grokprojects.

This script just generates ZCML snippets with principal definitions for inclusion in site.zcml or any other ZCML file. Users have to put the output in the appropriate ZCML file themselves, but they can use the tool with nearly any setup they have (separate users.zcml, additional/other password managers, ...).

Because the tool is generated by a simple entry in `buildout.cfg`, it is also easy to get rid of it in projects, if the tool is not wanted.

A document concerning changing the login credentials on grok.zope.org should also be provided.
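The following is an added example, not Uli's patch and not the bin/zpasswd wrapper or zope.app.server.zpasswd itself. It shows what a snippet generator of the kind described above does: it takes a login and password, stores only a hash, and renders a `<principal>` ZCML element for site.zcml. It puts the unsalted SHA-1 form Uli mentions ("the salt is missing") beside a salted variant so the weakness is visible: two accounts with the same password get identical stored strings under unsalted SHA-1, but not under the salted form. The password-manager names and the `{SHA}`/`{SSHA}` base64 encodings are assumptions modelled on common LDAP-style conventions, not the project's actual output format.

```python
import base64
import hashlib
import hmac
import os
from xml.sax.saxutils import quoteattr

# Assumed password-manager names as they would appear in the ZCML
# password_manager attribute; the real names come from the utilities
# registered in the application, not from this example.
PLAIN = "Plain Text"
SHA1 = "SHA1"    # unsalted: what the thread describes as "salt is missing"
SSHA = "SSHA"    # salted variant, shown for contrast

SHA1_DIGEST_LEN = 20


def encode_password(password, manager, salt=None):
    """Return the stored form of `password` under the named manager.

    Encodings (assumptions, {SHA}/{SSHA} style):
      Plain Text -> the password itself (what the old template wrote)
      SHA1       -> "{SHA}"  + base64(sha1(password))          (no salt)
      SSHA       -> "{SSHA}" + base64(sha1(password+salt) + salt)
    """
    raw = password.encode("utf-8")
    if manager == PLAIN:
        return password
    if manager == SHA1:
        return "{SHA}" + base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")
    if manager == SSHA:
        if salt is None:
            salt = os.urandom(4)  # fresh random salt per stored password
        digest = hashlib.sha1(raw + salt).digest()
        return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")
    raise ValueError("unknown password manager: %r" % manager)


def check_password(stored, manager, candidate):
    """Verify `candidate` against a stored value; constant-time compare."""
    if manager == PLAIN:
        return hmac.compare_digest(stored, candidate)
    if manager == SHA1:
        return hmac.compare_digest(stored, encode_password(candidate, SHA1))
    if manager == SSHA:
        blob = base64.b64decode(stored[len("{SSHA}"):])
        salt = blob[SHA1_DIGEST_LEN:]  # digest first, salt appended after it
        return hmac.compare_digest(stored, encode_password(candidate, SSHA, salt))
    raise ValueError("unknown password manager: %r" % manager)


def principal_zcml(principal_id, title, login, password, manager=SSHA):
    """Render a <principal/> element for site.zcml; the plaintext never
    reaches the output, only its encoded form under `manager`."""
    stored = encode_password(password, manager)
    values = (principal_id, title, login, manager, stored)
    return (
        "<principal\n"
        "    id=%s\n"
        "    title=%s\n"
        "    login=%s\n"
        "    password_manager=%s\n"
        "    password=%s\n"
        "    />" % tuple(quoteattr(v) for v in values)
    )


def identical_passwords_detectable(manager):
    """True if two users sharing a password get the same stored string,
    i.e. the stored form leaks password equality (the unsalted case)."""
    return encode_password("shared", manager) == encode_password("shared", manager)


if __name__ == "__main__":
    # Constructed sample values, not a real project's credentials.
    print(principal_zcml("zope.manager", "Manager", "admin", "s3cret"))
    print("unsalted SHA1 leaks equality:", identical_passwords_detectable(SHA1))
    print("salted SSHA leaks equality:  ", identical_passwords_detectable(SSHA))
```

Paste the printed element into site.zcml (or a separate users.zcml) in place of the plaintext `<principal>`; to change the admin password later, run the generator again and replace the element rather than editing the hash by hand.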

Revision history for this message
Uli Fouquet (uli-gnufix) wrote :

`grokproject` now stores the initial password SHA1-encoded.
