[Zope-dev] Security Management

Dieter Maurer dieter@handshake.de
Thu, 12 Apr 2001 22:43:05 +0200 (CEST)


Andre Schubert writes:
 > ... direct access to authentication credentials ...
You cannot ask Zope about the user identity because
it does not visit the authenticating user folder
in the described case.

If you use basic authentication (the Zope default), then
you can read "REQUEST._auth" to get the AUTHENTICATION
header content which in turn tells you the user (after
base64 decoding). The leading "_" tells you that there
is no way to access it from DTML or Python Script.
You will need an external method.

If you use cookie authentication, you can look at the cookie.
It may show the username in a readable form.


Dieter
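
An added example, not part of the original post and not Zope's own code: a sketch of the External Method described above, which returns only the user name from `REQUEST._auth` and never hands the password back to the caller. Assumptions: the function names are hypothetical, the method is called with the context object as `self`, `_auth` holds the raw value in the form `Basic <base64>`, and the code is written for a current Python 3 rather than the interpreter Zope shipped with in 2001.

```python
import base64
import binascii


def parse_basic_user(auth_value):
    """Return the user name from a 'Basic <base64>' value, or None."""
    if not auth_value:
        return None
    parts = auth_value.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "basic":
        return None  # a different scheme, or no credentials payload
    try:
        decoded = base64.b64decode(parts[1].strip(), validate=True)
    except (binascii.Error, ValueError):
        return None  # malformed base64 is treated as "no user"
    # Split at the first colon only: the password may itself contain ':'.
    name, sep, _password = decoded.partition(b":")
    if not sep or not name:
        return None
    return name.decode("utf-8", "replace")


def auth_user_name(self):
    """Hypothetical External Method entry point.

    Assumes `self` is the context object and the request is reachable
    as self.REQUEST; `_auth` is the attribute named in the post.
    """
    request = getattr(self, "REQUEST", None)
    return parse_basic_user(getattr(request, "_auth", None))


# Constructed stand-ins so the example runs without a Zope installation.
class _FakeRequest:
    def __init__(self, auth):
        self._auth = auth


class _FakeContext:
    def __init__(self, auth):
        self.REQUEST = _FakeRequest(auth)


def demo():
    # Constructed credentials, not taken from the post.
    raw = "Basic " + base64.b64encode(b"andre:s3cret:with:colons").decode("ascii")
    return auth_user_name(_FakeContext(raw))
```

Because the decoded value contains the clear-text password, the method should return the name alone and the decoded string should not be logged or stored.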