On Sat, Jun 03, 2000 at 12:38:20AM -0500, Phillip J. Eby wrote:
I tried. It's quite easy, except that you have to store the user's password in a property, and access control is somewhat broken WRT passwords, so anyone can read anyone's passwords if they can write DTML.
Did you try naming the password attribute with an "_" at the beginning of it? This should make it inaccessible from DTML, but it's a bit more work since you have to write Python to do it.
Actually, if I'm willing to go to Python (which I am, just waiting for 2.2 so I don't have to do it twice) there are simpler ways to do it, and you (IIRC) have already showed me some :-) The point is that by his question I thought Bill wanted a ZODB/ZClass-only solution - and I'd prefer it too if it was possible at all. []s, |alo +---- -- Hack and Roll ( http://www.hackandroll.org ) News for, uh, whatever it is that we are. http://zope.gf.com.br/lalo mailto:lalo@hackandroll.org pgp key: http://zope.gf.com.br/lalo/pessoal/pgp Brazil of Darkness (RPG) --- http://zope.gf.com.br/BroDar