[Zope-dev] Re: [patch] More secure cookie crumbler?

Lennart Regebro regebro at nuxeo.com
Tue Apr 13 05:09:58 EDT 2004


From: "Shane Hathaway" <shane at zope.com>
> Making cookie authentication secure is surprisingly difficult, and you've
> barely taken one step.  I don't want CookieCrumbler to go in this
> direction at all.  A much more fruitful endeavor would be to simply add
> digest authentication support to Zope's user folders.  See the middle of
> this page for a fairly clear explanation:
>
> http://frontier.userland.com/stories/storyReader$2159

The problem with that is that as far as I know, it still doesn't offer a
nice, clean, cross-browser way of logging out. Which means most people will
still use cookie-authentication...





More information about the Zope-Dev mailing list