AUTHENTICATED_USER is not reliable! [Was: [Zope] become user (su inside Zope) - pretend to be another user]

Dario Lopez-Kästen dario at
Fri Oct 24 12:20:02 EDT 2003

Jens Vagelpohl wrote:

>> Why is everybody so obsessed with AUTHENTICATED_USER? This variable is 
>> not suitable for anything deserving the name "security". It is NOT 
>> SAFE to assume that it will contain anything useful.
> Amen to that.
> jens

Right, when can we consider REQUEST to be fairly safe? I.e. I know that 
it cab be manuoulated by any kind of script during the lifetime of a 
request, and aslo be populated from the URL. I consider manipulation 
from scripts acceptable behaviour, from the URL not.

What I am actually trying to say is the following:

I need a secure namespace available, a` la REQUEST, during the lifetime 
of a request - lets call it SAFE_REQUEST, that cannot be manipulated 
from the URL. Preferrably RAM-bound.

Any ideas on how to achieve that (other than reading source, which I 
allready have begun to).



-- -------------------------------------------------------------------
Dario Lopez-Ka"sten, IT Systems & Services Chalmers University of Tech.

More information about the Zope mailing list