[Zope-dev] Protected session items?

Lennart Regebro regebro at nuxeo.com
Fri Aug 27 09:24:52 EDT 2004


Florent Guillaume wrote:
>>>class ProtectedUsername:
>>>     """An object where the username is not accessible from user code."""
>>>     def _setUsername(self, username):
>>>         self.__username = username
>>>
>>>     def _getUsername(self):
>>>         return self.__username
>>>
>>>Very simple indeed.
>>
>>Even a traceback will not show this username anymore if its inside
>>an object without __repr__ :-)
> 
> 
> Well the username is not secret. Indeed, it would be interesting to have
> a __str__ to debug what's in SESSION and maybe allow user code to check
> what's there.

Yup. However, I just made it a bit more generic, so now it's not the 
username that is stored, but any authentication info you might like. 
That makes it possible to use from other plugins too, but of course, 
displaying it them may be a bit more sensitive.

Probably it would only store username and password, and the user 
obviously already knows his own password, but still...

Ah well, this is PLuggableUserFolder internal stuff anyway, so...


More information about the Zope-Dev mailing list