[Zope-CMF] CMFDefault register method & security

Andrew Sawyers andrew@digicool.com
Tue, 17 Jul 2001 11:27:15 -0400


Jens and I both think it's a bug; I couldn't come up with an easy solution;
all attempts at passing this through failed.  If you've got a solution, send
it on over.  Otherwise this is going to wait until one of us can devote more
time to it.  We've both got other things on our plate at the moment.
Thanks,
Andrew

> -----Original Message-----
> From: zope-cmf-admin@zope.org [mailto:zope-cmf-admin@zope.org]On Behalf
> Of Chris Withers
> Sent: Tuesday, July 17, 2001 4:00 AM
> To: jens@digicool.com
> Cc: zope-cmf@zope.org
> Subject: [Zope-CMF] CMFDefault register method & security
>
>
> Jens,
>
> Did anyone have any thoughts about this bit of the bug?
>
> > > Also, should the registered method really contain a url which
> has both the
> > > username and password of a newly generated member in it?
> Seems like a bit of a
> > > security hole to me :-S
>
> cheers,
>
> Chris
>
>
>
> _______________________________________________
> Zope-CMF maillist  -  Zope-CMF@zope.org
> http://lists.zope.org/mailman/listinfo/zope-cmf
>
> See http://www.zope.org/Products/PTK/Tracker for bug reports and
> feature requests
>