Zope 2.2 has a new security API. Amid all the trojan news, I wanted to remind developers of Zope products that this new API should be used in many cases where users traditionally queried AUTHENTICATED_USER for something. If, in your code, you get information from the AUTHENTICATED_USER object then you should take a good look at the new API. Unless developers switch to this API, their products are potentially less secure than code that does use this API. All the details are in the Wiki... http://www.zope.org/Members/michel/Projects/Interfaces/SecurityPolicies -- -Michel Pelletier http://www.zope.org/Members/michel/MyWiki Visit WikiCentral for the latest Zen: http://www.zope.org/Members/WikiCentral
On Wed, May 10, 2000 at 12:12:45PM -0700, Michel Pelletier wrote:
Zope 2.2 has a new security API. Amid all the trojan news, I wanted to remind developers of Zope products that this new API should be used in many cases where users traditionally queried AUTHENTICATED_USER for something.
Is REMOTE_USER significantly changed in 2.2? Thanks. Cheers. -- Ng Pheng Siong <ngps@post1.com> * http://www.post1.com/home/ngps
participants (2)
-
Michel Pelletier -
Ng Pheng Siong