[Zope-dev] Adding user: Id check?

Clemens Robbenhaar robbenhaar@espresto.com
Fri, 23 May 2003 14:06:56 +0200


Ignacio Dosil Lago writes:
 > 
 >    Hi all,
 >    I wanted to add a new user to Zope, so I copied it's login name from a 
 > document and pasted it into the user add form. 
 >   That login name included strange characters which I couldn't see.
 >   Now I can't remove that user!!
 [..]

 If I understand the code in lib/python/AccessControl/User.py correctly
there is no "valid id" check or the like for users. 
 
 Wouldn't this make sense? As the user name has to be sent via an
http-header to login as this user, maybe one could limit the allowed
names to strings which may be send as valid http header. 
 (I.e. creating a user with a ':' seems to be pointless, if using 
basic http-auth. Hm, but people using a Cookie-based login may argue
differntly.)

 However so far I have not been able to create a user which I could not
delete afterwards. It would be interesting to know what characters do
trigger this issue ...

Cheers,
Clemens