AUTHENTICATED_USER is not reliable! [Was: [Zope] become user(su inside Zope) - pretend to be another user]

Jim Kutter jim at ebizq.net
Fri Oct 24 12:37:05 EDT 2003


I've been using the REQUEST.OTHER namespace for this purpose. Is that safe to do?

-jim

-----Original Message-----
From: Dario Lopez-Kästen [mailto:dario at ita.chalmers.se] 
Sent: Friday, October 24, 2003 12:20 PM
Cc: zope at zope.org
Subject: Re: AUTHENTICATED_USER is not reliable! [Was: [Zope] become user(su inside Zope) - pretend to be another user]


Jens Vagelpohl wrote:

>> Why is everybody so obsessed with AUTHENTICATED_USER? This variable is 
>> not suitable for anything deserving the name "security". It is NOT 
>> SAFE to assume that it will contain anything useful.
> 
> 
> Amen to that.
> 
> jens

Right, when can we consider REQUEST to be fairly safe? I.e. I know that 
it cab be manuoulated by any kind of script during the lifetime of a 
request, and aslo be populated from the URL. I consider manipulation 
from scripts acceptable behaviour, from the URL not.

What I am actually trying to say is the following:

I need a secure namespace available, a` la REQUEST, during the lifetime 
of a request - lets call it SAFE_REQUEST, that cannot be manipulated 
from the URL. Preferrably RAM-bound.

Any ideas on how to achieve that (other than reading source, which I 
allready have begun to).

Thanks,

/dario

-- 
-- -------------------------------------------------------------------
Dario Lopez-Ka"sten, IT Systems & Services Chalmers University of Tech.


_______________________________________________
Zope maillist  -  Zope at zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )



More information about the Zope mailing list