[Zope-PAS] Re: PlonePAS using SQL get AttributeError
Sidnei da Silva
sidnei at enfoldsystems.com
Thu Apr 19 08:05:48 EDT 2007
On 4/19/07, Wichert Akkerman <wichert at wiggy.net> wrote:
> The emergency user handling in PAS is very robust; I do not see how even
> a completely broken user folder at a higher level can break that.
If the higher level user folder uses cookie authentication for
example, and the emergency user exists on the root user folder. Since
credentials are extracted in the higher level user folder and not
passed on to the root user folder, the root user folder never gets a
chance to authenticate the emergency user.
> The main problem for Plone (and other frameworks/applications) is that
> if the root user folder is not a PAS you can get users objects which do
> not implemented the IPropertiedUser interface, which may break your
That's not as big of a problem as not being able to log in, right?
> > I haven't
> > seen any good justification of *why* that's a lame idea so far. 'It's
> > lame because I said it is' doesn't cut it for me.
> It's an unneeded change to a critical object. If you can get away with
> not doing that you remove a possible risk of breakage.
I could argue against 'unneeded'. As for possible risk of breakage,
it's as risky as using PAS for a non-root user folder. Since, as you
mentioned, emergency user should work fine, I don't see any risk,
If PAS is prone to breakage it should be made robust, period. It's a
matter of 'do we trust our own software or not'.
The impression I get from being on this list is 'oh you can use it,
but there are no guarantees', 'if it breaks don't come complain to us,
is not our fault'. Maybe it would be better *not* to recommend PAS at
Sidnei da Silva
Enfold Systems http://enfoldsystems.com
Fax +1 832 201 8856 Office +1 713 942 2377 Ext 214
More information about the Zope-PAS