[ZDP] BackTalk to Document The Zope Book (2.6 Edition)/Users and Security
webmaster at zope.org
Sat Apr 17 00:42:49 EDT 2004
A comment to the paragraph below was recently added via http://zope.org/Documentation/Books/ZopeBook/2_6Edition/Security.stx#2-8
---------------
When a user accesses a protected resource (for example, by
attempting to view a "protected" DTML Method) Zope will ask the
user to log in by presenting some sort of authentication dialog.
Once the dialog has been "filled out" and submitted, Zope will
look for the user account represented by this set of credentials.
% Anonymous User - Apr. 17, 2004 12:42 am:
"Some sort" of authentication dialog is, by default, the browser's basic authentication mechanism (as in the
ZMI). This is no longer considered the default way to sign into Web sites, so if you only use this, your
users will be perennially confused. (Trust me on this.) Instead, you want to use a cookie-based
authentication of some sort. Add a CookieCrumbler to your site's base folder for this to work. The additional
advantage to this is that if your site includes a CMF or Plone subsite, you'll be able to read authentication
globally (because CMF will go to the top-level CookieCrumbler first to set its cookie.)