[Zope-CMF] CookieCrumbler security issue?

Chris Withers chris at simplistix.co.uk
Thu Jan 22 05:28:54 EST 2004


Lennart Regebro wrote:

> I decided to store the mappings between the token (which is just a 
> number) and the password in a TemporaryFolder. I don't know if that 
> makes sense. Maybe it's stupid, I don't know.

I think I'd be tempted to do it in an IOBTree in a global.
That said, the TemporaryFolder solution might work well for multiple ZEO 
clients. If you replaced the TemporaryFolder with a mounted storage it could work...

What to people think about that?

cheers,

Chris




More information about the Zope-CMF mailing list