12 Apr
2004
12 Apr
'04
1:21 p.m.
On Mon, 12 Apr 2004, Chris Withers wrote:
For me, that's worth patching for, it's up to you if you want to include it in an offical CookieCrumbler release or not ;-)
Making cookie authentication secure is surprisingly difficult, and you've barely taken one step. I don't want CookieCrumbler to go in this direction at all. A much more fruitful endeavor would be to simply add digest authentication support to Zope's user folders. See the middle of this page for a fairly clear explanation: http://frontier.userland.com/stories/storyReader$2159 Shane