Hi Dan, --On Montag, 25. November 2002 12:28 -0800 Dan Shafer <dan@danshafer.com> wrote:
Tino....
Interesting idea. I'm not sure it would work here because I'm generating these 8-character random passwords and there will not be a user named after the first five characters. At least not without what feels like a lot of additional scripting to create new bogus users with three-letter passwords.
Why bogus? Just use scripting ;) user=pseudopwd[:5] password=pseudopwd[5:] READY. Regards Tino :-)
Or am I missing something?
On Monday, November 25, 2002, at 11:58 AM, Tino Wildenhain wrote:
Hi Dan,
how about making your "magic" password split say on the first 5 characters (internally) and use it for user-id and the remaining part as password?
Regards Tino
--On Montag, 25. November 2002 11:10 -0800 Dan Shafer <dan@danshafer.com> wrote:
I have painted myself into a nifty corner.
My client's site is protected at the root by an acl folder. Those who are not in the acl folder have view privileges only. This works fine.
I just added a new feature to my client's site. He wants this capability available to anyone to whom he gives a specific password. I wrote a Python script that generates the password and a page for my client to auto-generate a new random password and to see what the current password is. This works fine as well.
The problem is, since I'm not even asking people for a user name here, only a password, and since the site is protected from access via the acl folder, his clients can't get past the password screen because the acl logic presents a challenge for a user name and password which, of course, these folks don't have.
It occurred to me at one point that I could define an acl user called, e.g., "client" and then perhaps revise the Python script so that instead of storing the newly generated password in a DTML document, it would update the password property for that user in the acl folder. But it wasn't very obvious to me how to do that. And while I don't *mind* having them have to type in a generic user name, it's more elegant if they don't have to do so.
What's the easiest way to address this issue? I looked through a year's worth of email digests and I searched zope.org, but I couldn't find an answer.
Thanks.
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )