grokproject stores password in plaintext in site.zcml. this is bad for deployment
Bug #160196 reported by
Martijn Faassen
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
grok |
Fix Released
|
Wishlist
|
Uli Fouquet | ||
1.0 |
Fix Released
|
Wishlist
|
Uli Fouquet |
Bug Description
grokproject currently stores a password in plaintext in site.zcml. When people worry about the security of this during deployment, we tell them "of course you should never DEPLOY grok this way". But we don't really have a good story for deploying Grok otherwise - not even a tutorial. So I propose we either let grokproject do the right thing to start with, or we at least provide a good story on what to do when deploying.
Changed in grok: | |
assignee: | nobody → philipp-weitershausen |
Changed in grok: | |
milestone: | none → 1.0 |
To post a comment you must log in.
On 5 Nov 2007, at 15:27 , Martijn Faassen wrote:
> grokproject currently stores a password in plaintext in site.zcml.
> When
> people worry about the security of this during deployment, we tell
> them
> "of course you should never DEPLOY grok this way". But we don't really
> have a good story for deploying Grok otherwise - not even a
> tutorial. So
> I propose we either let grokproject do the right thing to start with,
Which is... ?
> or we at least provide a good story on what to do when deploying.
Fine by me, but why exactly is this assigned to me? :)