[Zope] Re: major problems placing authentication on an extranet site-security flaw?

Dario Lopez-Kästen dario at ita.chalmers.se
Mon Feb 13 03:30:14 EST 2006

Chris Withers said the following on 2006-02-12 15:27:
> Given your earlier paranoia about security

uh, us security nerds^H^H^H^H^H^H 
folks-who-have-an-strong-interest-in-security, actually prefer to call 
it "eagerness". "Paranoia" has such negative timbre, don't you think? :-)

Nevertheless, it is not simple to implement proper security with 
cookie-based logins. I had to make my own hacked version of 
SinmpleUserFodler with seesioning on the zeo server to get it secure 
enough (it is actually a trade off from what I would have liked to have 
in the first place, but it works ok).



-- -------------------------------------------------------------------
Dario Lopez-Kästen, IT Systems & Services Chalmers University of Tech.
Lyrics applied to programming & application design:
"emancipate yourself from mental slavery" - redemption song, b. marley

More information about the Zope mailing list