26 Aug
2001
26 Aug
'01
6:06 p.m.
Steve Alexander wrote:
As has been pointed out by others, Zope protects you from this quite well already. You only need go the extra length of having two users yourself if you want to avoid the specific case you mention above.
Of course, if your users want to avoid the specific case you mention, they'd better be careful what they click on! :) You can encourage users always to log out immediately after logging in and doing stuff. That's a similar level of protection I get when I use something like Amazon.com. If I leave myself logged in, then I guess it's possible someone can construct a URL that will maliciously buy me books or whatever. -- Steve Alexander Software Engineer Cat-Box limited