[Zope] Cookie Crumbler

Frank Hempel red_socks at gmx.de
Sun Feb 9 23:34:06 CET 2014


On 09.02.2014 23:10, Jon Grange wrote:
> Hello all
> Returning to a Zope 2 web application I built 5 or 6 years ago that now
> needs some updating. Is Cookie Crumbler over SSL still a good and proper
> way to secure a public facing website?


If I remember right, CC used the Basic access auth string (base64-encoded
login/password) as content for its auth cookie, which is clearly not a
nice practice. However, this could easily be changed to some sort of
session key...

Regards, Frank
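
The two cookie designs contrasted in the reply above, as an added example that is not part of the original post and is not CookieCrumbler's code. `SessionStore`, the cookie name `session_id` and the sample credentials are hypothetical and constructed for illustration.

```python
import base64
import secrets
import time

LOGIN, PASSWORD = "jon", "s3cret-example"  # constructed sample credentials

def credential_cookie(login, password):
    """Cookie value as described in the reply: base64 of 'login:password'."""
    return base64.b64encode(f"{login}:{password}".encode()).decode()

def recover_credentials(cookie_value):
    """Whoever sees the cookie gets the password: base64 is encoding, not encryption."""
    login, _, password = base64.b64decode(cookie_value).decode().partition(":")
    return login, password

class SessionStore:
    """Hypothetical server-side store: the cookie carries only a random key."""

    def __init__(self, ttl_seconds=1800):
        self.ttl = ttl_seconds
        self._sessions = {}  # token -> (login, expiry timestamp)

    def create(self, login, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = (login, now + self.ttl)
        return token

    def lookup(self, token, now=None):
        now = time.time() if now is None else now
        login, expiry = self._sessions.get(token, (None, 0))
        if login is None or now >= expiry:
            self._sessions.pop(token, None)  # unknown or expired: reject
            return None
        return login

    def revoke(self, token):
        """Logout or incident response: the key dies, the password is untouched."""
        self._sessions.pop(token, None)

def set_cookie_header(name, value):
    """Attributes that keep the cookie on TLS and away from page scripts."""
    return f"Set-Cookie: {name}={value}; Secure; HttpOnly; SameSite=Lax; Path=/"

if __name__ == "__main__":
    print(recover_credentials(credential_cookie(LOGIN, PASSWORD)))
    store = SessionStore()
    print(set_cookie_header("session_id", store.create(LOGIN)))
```

With the session key, a leaked cookie can be expired or revoked on the server without a password change, and it never discloses the password itself.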

