On Fri, Jun 02, 2000 at 07:29:18PM -0600, Bill Anderson wrote:
Has anyone out there actually sarted _using_ LoginManager with ZODB storage? IOW, one that is not dependant on LDAP/SQL/etc., but that is functioning in place of a non-PTK acl_users folder?
I tried. It's quite easy, except that you have to store the user's password in a property, and access control is somewhat broken WRT passwords, so anyone can read anyone's passwords if they can write DTML. Now I don't plan to just let anyone write DTML, but I don't want to leave this hole open because I know I will forget it sooner or later and open up an exploit. []s, |alo +---- -- Hack and Roll ( http://www.hackandroll.org ) News for, uh, whatever it is that we are. http://zope.gf.com.br/lalo mailto:lalo@hackandroll.org pgp key: http://zope.gf.com.br/lalo/pessoal/pgp Brazil of Darkness (RPG) --- http://zope.gf.com.br/BroDar