On Jul 31, 8:45 am, Jonathan Lundell <jlund...@pobox.com> wrote:
> It wouldn't be extraordinarily difficult to migrate an existing MD5-hashed
> password table to a stronger method.

I really think that we need to be 'secure by default' - this is what is claimed for the framework. Even with clear documentation (& scaffolding) saying that developers should add a line to their app to change table[passfield].requires, this is bound to trip people up.

If this approach can be generalised into the default install of Web2Py so that new installs are secure-by-default but old installs don't break when upgraded, that would be really awesome :)

F
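
One way to meet both goals raised in this message (new hashes strong by default, existing MD5 rows still accepted after an upgrade) is to verify against the legacy format and rewrite the row at the next successful login. The sketch below is an added example, not web2py code and not code from this thread; PBKDF2-HMAC-SHA256, the `pbkdf2$...` storage format, the iteration count and every function name are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def legacy_md5(password):
    # Unsalted MD5 hex digest: the legacy format being migrated away from.
    return hashlib.md5(password.encode()).hexdigest()


def strong_hash(password):
    # Stored as "pbkdf2$<iterations>$<salt hex>$<digest hex>" (assumed format).
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2$%d$%s$%s" % (ITERATIONS, salt.hex(), dk.hex())


def verify_and_upgrade(password, stored):
    """Return (ok, new_stored); new_stored is set when the row should be rewritten."""
    if stored.startswith("pbkdf2$"):
        _, iters, salt_hex, digest_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        ok = hmac.compare_digest(dk, bytes.fromhex(digest_hex))
        # Also rehash rows written under an older, lower work factor.
        if ok and int(iters) < ITERATIONS:
            return True, strong_hash(password)
        return ok, None
    # Anything without the prefix is treated as a legacy MD5 hex digest.
    if hmac.compare_digest(legacy_md5(password).encode(), stored.lower().encode()):
        return True, strong_hash(password)
    return False, None


def login(table, user, password):
    # `table` is a dict of username -> stored hash, standing in for the password table.
    stored = table.get(user)
    if stored is None:
        return False
    ok, new_stored = verify_and_upgrade(password, stored)
    if ok and new_stored:
        table[user] = new_stored  # upgrade in place; the MD5 value is gone
    return ok
```

Accounts that never log in again keep their MD5 digest, so a migration like this still needs a cut-off after which remaining legacy rows are forced through a password reset.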