If you use Janrain you outsource the password issue (now the Janrain
admins can steal the password).

Caveats:
- you as administrator do not need passwords to do bad things on
behalf of the user
- you as administrator can spoof Janrain and steal the password anyway

People do not realize how powerful a system administrator is... This is a
marketing issue. You are in no worse shape than any other developer
bidding for the project. Others will lie about this (buyers will not
talk to developers but to salesmen who know what the buyers want to
hear and do not understand what developers say).

Massimo


On Aug 4, 10:04 am, António Ramos <ramstei...@gmail.com> wrote:
> If I use Janrain what information is stored in the tables?
>
> Is this more trustable for users because I have an app to be used not by
> internal users but by clients of my company to request products.
> They can reject my app because of password confidentiality.
>
> Thank you
>
> António
>
> 2011/8/3 Massimo Di Pierro <massimo.dipie...@gmail.com>
>
> > The passwords are hashed, not encrypted (also known as one-way
> > encryption). A hacker getting access to the passwords file cannot
> > decrypt them. The hacker can "theoretically" find a collision but it is
> > almost impossible with SHA512+HMAC (which web2py uses).
>
> > Things are different for the administrator. Nothing prevents the
> > administrator from intercepting the communications and logging the
> > password in a separate file. That is true for ANY application, not
> > just web2py.
>
> > On Aug 3, 5:11 am, António Ramos <ramstei...@gmail.com> wrote:
> > > Hello,
> > > what do I tell in my company to convince them to use web2py apps without
> > > fearing that I as administrator cannot discover their password?
>
> > > Thank you
>
> > > António
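
The keyed-hash storage discussed in this thread, as an added example that is not part of the original messages and is not web2py's own code: it stores only a salt and an HMAC-SHA512 digest, and verifies by recomputing from the submitted plaintext. The key, the `salt$digest` record layout and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo key (assumption); a real key is kept outside the database.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def hash_password(password: str, key: bytes = SERVER_KEY) -> str:
    """Return 'salt$digest', digest = HMAC-SHA512(key, salt + password)."""
    salt = secrets.token_hex(16)  # per-user random salt, stored in the clear
    msg = (salt + password).encode("utf-8")
    digest = hmac.new(key, msg, hashlib.sha512).hexdigest()
    return f"{salt}${digest}"


def verify_password(password: str, stored: str, key: bytes = SERVER_KEY) -> bool:
    """Recompute the digest from the submitted plaintext and compare.

    The plaintext is an argument here: the server always sees it at login.
    Hashing protects a stolen table, not against whoever runs the server.
    """
    try:
        salt, expected = stored.split("$", 1)
    except ValueError:
        return False  # malformed record, treat as a failed login
    msg = (salt + password).encode("utf-8")
    actual = hmac.new(key, msg, hashlib.sha512).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("stored in table:", record)
    print("right password :", verify_password("correct horse battery staple", record))
    print("wrong password :", verify_password("Tr0ub4dor&3", record))
    print("wrong key      :",
          verify_password("correct horse battery staple", record, b"other-key"))
```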
