[Zope] Password Overlap

Dan Shafer dan@danshafer.com
Mon, 25 Nov 2002 12:28:41 -0800


Tino....

Interesting idea. I'm not sure it would work here because I'm 
generating these 8-character random passwords and there will not be a 
user named after the first five characters. At least not without what 
feels like a lot of additional scripting to create new bogus users with 
three-letter passwords.

Or am I missing something?

On Monday, November 25, 2002, at 11:58  AM, Tino Wildenhain wrote:

> Hi Dan,
>
> how about making your "magic" password split say on the
> first 5 characters (internally) and use it for user-id
> and the remaining part as password?
>
> Regards
> Tino
>
> --On Montag, 25. November 2002 11:10 -0800 Dan Shafer 
> <dan@danshafer.com> wrote:
>
>> I have painted myself into a nifty corner.
>>
>> My client's site is protected at the root by an acl folder. Those who 
>> are
>> not in the acl folder have view privileges only. This works fine.
>>
>> I just added a new feature to my client's site. He wants this 
>> capability
>> available to anyone to whom he gives a specific password. I wrote a
>> Python script that generates the password and a page for my client to
>> auto-generate a new random password and to see what the current 
>> password
>> is. This works fine as well.
>>
>> The problem is, since I'm not even asking people for a user name here,
>> only a password, and since the site is protected from access via the 
>> acl
>> folder, his clients can't get past the password screen because the acl
>> logic presents a challenge for a user name and password which, of 
>> course,
>> these folks don't have.
>>
>> It occurred to me at one point that I could define an acl user called,
>> e.g., "client" and then perhaps revise the Python script so that 
>> instead
>> of storing the newly generated password in a DTML document, it would
>> update the password property for that user in the acl folder. But it
>> wasn't very obvious to me how to do that. And while I don't *mind* 
>> having
>> them have to type in a generic user name, it's more elegant if they 
>> don't
>> have to do so.
>>
>> What's the easiest way to address this issue? I looked through a 
>> year's
>> worth of email digests and I searched zope.org, but I couldn't find an
>> answer.
>>
>> Thanks.
>>
>>
>> _______________________________________________
>> Zope maillist  -  Zope@zope.org
>> http://lists.zope.org/mailman/listinfo/zope
>> **   No cross posts or HTML encoding!  **
>> (Related lists -  http://lists.zope.org/mailman/listinfo/zope-announce
>>  http://lists.zope.org/mailman/listinfo/zope-dev )
>
>