[Zope] Password Overlap

Tino Wildenhain tino@wildenhain.de
Mon, 25 Nov 2002 22:23:30 +0100


Hi Dan,

--On Montag, 25. November 2002 12:28 -0800 Dan Shafer <dan@danshafer.com> 
wrote:

> Tino....
>
> Interesting idea. I'm not sure it would work here because I'm generating
> these 8-character random passwords and there will not be a user named
> after the first five characters. At least not without what feels like a
> lot of additional scripting to create new bogus users with three-letter
> passwords.

Why bogus? Just use scripting ;) user=pseudopwd[:5] password=pseudopwd[5:]
READY.

Regards
Tino :-)


> Or am I missing something?
>
> On Monday, November 25, 2002, at 11:58  AM, Tino Wildenhain wrote:
>
>> Hi Dan,
>>
>> how about making your "magic" password split say on the
>> first 5 characters (internally) and use it for user-id
>> and the remaining part as password?
>>
>> Regards
>> Tino
>>
>> --On Montag, 25. November 2002 11:10 -0800 Dan Shafer
>> <dan@danshafer.com> wrote:
>>
>>> I have painted myself into a nifty corner.
>>>
>>> My client's site is protected at the root by an acl folder. Those who
>>> are
>>> not in the acl folder have view privileges only. This works fine.
>>>
>>> I just added a new feature to my client's site. He wants this
>>> capability
>>> available to anyone to whom he gives a specific password. I wrote a
>>> Python script that generates the password and a page for my client to
>>> auto-generate a new random password and to see what the current
>>> password
>>> is. This works fine as well.
>>>
>>> The problem is, since I'm not even asking people for a user name here,
>>> only a password, and since the site is protected from access via the
>>> acl
>>> folder, his clients can't get past the password screen because the acl
>>> logic presents a challenge for a user name and password which, of
>>> course,
>>> these folks don't have.
>>>
>>> It occurred to me at one point that I could define an acl user called,
>>> e.g., "client" and then perhaps revise the Python script so that
>>> instead
>>> of storing the newly generated password in a DTML document, it would
>>> update the password property for that user in the acl folder. But it
>>> wasn't very obvious to me how to do that. And while I don't *mind*
>>> having
>>> them have to type in a generic user name, it's more elegant if they
>>> don't
>>> have to do so.
>>>
>>> What's the easiest way to address this issue? I looked through a
>>> year's
>>> worth of email digests and I searched zope.org, but I couldn't find an
>>> answer.
>>>
>>> Thanks.
>>>
>>>
>>> _______________________________________________
>>> Zope maillist  -  Zope@zope.org
>>> http://lists.zope.org/mailman/listinfo/zope
>>> **   No cross posts or HTML encoding!  **
>>> (Related lists -  http://lists.zope.org/mailman/listinfo/zope-announce
>>>  http://lists.zope.org/mailman/listinfo/zope-dev )
>>
>>
>