26 May 2003, 7:40 a.m.
Igor Leturia wrote:
So there's no way to do something easy like <dtml-call "AUTHENTICATED_USER=acl_users.authenticate(username,userpassword,REQUEST )"> ?
That would be a giant security hole. The point is that it should be managed by the internal (safe) Zope code, not by code that is unsafe and can be manipulated by someone from the outside. Using the CookieCrumbler will set up AUTHENTICATED_USER the way you want it, but in a safe way.
you should be using a user folder that handles cookies or use the
CookieCrumbler product.
I will try the CookieCrumbler product, but how can I do the other thing you propose, a user folder that handles cookies?
Thanks in advance,
Igor Leturia