(I'm not sure if this is the right place... perhaps zope-dev or zope-ptk, but anyway...)

I'm trying out the LoginManager independently of PTK, and well, it just doesn't work :-) I can add it to the folder, then it immediately locks me out. This is the same problem most people have on their first try of GUF, so I looked in the source code for a similar way out (a fallback user), but I haven't found one. What am I doing wrong? :-)

Also, an inquiry: The reasons I don't use GUF are, (1) it doesn't by default acquire users, and (2) it's (in the author's words) "trivial to grab people's passwords".

(1) is bad because I don't want to make it any easier for people who maintain subsites here to lock me out of them. It is already possible to do that by creating a different user with the same Id (and not giving it any roles), but that can be easily walked around too; but not acquiring users is something that (for us) just won't do.

Back to the topic... the reason for this rant is that I'd like to know how well LoginManager is WRT these two concerns :-)

[]s,
|alo
+----
-- Hack and Roll ( http://www.hackandroll.org )
News for, uh, whatever it is that we are.
http://www.webcom.com/lalo mailto:lalo@hackandroll.org
pgp key in the personal page
Brazil of Darkness (RPG) --- http://zope.gf.com.br/BroDar
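To make the "acquire users" and lock-out concern in the message above concrete, here is an added example that is not Zope, GUF or LoginManager code and was not written by anyone in this thread: a small Python model of user lookup that walks up nested folders, consulting the nearest user folder first and falling back to ancestors only when acquisition is enabled, plus an audit helper that reports user ids a subfolder's user folder defines that an ancestor already defines (the same-Id-with-no-roles case). The folder names, user ids and roles are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass
class Folder:
    """A folder in a simplified object tree (illustration only, not Zope's model).
    `users` is None when the folder has no user folder of its own; otherwise it
    maps user id -> set of roles granted by that user folder."""
    name: str
    parent: Optional["Folder"] = None
    users: Optional[Dict[str, Set[str]]] = None


def lookup_user(folder: Folder, user_id: str,
                acquire: bool = True) -> Optional[Tuple[str, Set[str]]]:
    """Resolve user_id for a request made at `folder`.

    Walks toward the root. The nearest user folder is consulted first; if it
    does not know the id, lookup continues upward only when `acquire` is True
    (the "acquire users" behaviour the thread discusses). Returns the name of
    the folder whose user folder answered and the roles it grants, or None when
    the user is effectively locked out at this location.
    """
    node = folder
    while node is not None:
        if node.users is not None:
            if user_id in node.users:
                return node.name, node.users[user_id]
            if not acquire:
                return None  # nearest user folder answers alone: no fallback
        node = node.parent
    return None


def shadowed_users(folder: Folder) -> Dict[str, str]:
    """Audit helper: for a folder with its own user folder, report every user id
    it defines that an ancestor's user folder also defines, mapped to the name
    of the nearest such ancestor. A local entry takes precedence, so it can strip
    an administrator of the roles granted higher up; listing these is a cheap
    check for the lock-out scenario."""
    found: Dict[str, str] = {}
    if folder.users is None:
        return found
    ancestor = folder.parent
    while ancestor is not None:
        if ancestor.users is not None:
            for uid in folder.users:
                if uid in ancestor.users and uid not in found:
                    found[uid] = ancestor.name
        ancestor = ancestor.parent
    return found


def build_sample_site() -> Dict[str, Folder]:
    """Constructed sample tree. The site root grants 'alo' the Manager role; the
    'subsite' user folder re-defines 'alo' with no roles; 'other' has a user
    folder that simply does not know 'alo'; 'page' has no user folder at all."""
    root = Folder("root", users={"alo": {"Manager"}})
    subsite = Folder("subsite", parent=root,
                     users={"alo": set(), "guest": {"Member"}})
    page = Folder("page", parent=subsite)
    other = Folder("other", parent=root, users={"bob": {"Member"}})
    return {"root": root, "subsite": subsite, "page": page, "other": other}


if __name__ == "__main__":
    site = build_sample_site()
    print(lookup_user(site["root"], "alo"))                  # ('root', {'Manager'})
    print(lookup_user(site["page"], "alo"))                  # ('subsite', set()): shadowed, no roles
    print(lookup_user(site["other"], "alo", acquire=True))   # ('root', {'Manager'})
    print(lookup_user(site["other"], "alo", acquire=False))  # None: locked out without acquisition
    print(shadowed_users(site["subsite"]))                   # {'alo': 'root'}
```

Running `shadowed_users` over every folder that carries its own user folder gives a site administrator a list of the places where a locally defined id overrides one granted at the root, which is the check worth automating before handing out "create user folder" rights to subsite maintainers.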
On Wed, 19 Apr 2000, Lalo Martins wrote:
The reasons I don't use GUF are, (1) it doesn't by default acquire users, and (2) it's (in the author's words) "trivial to grab people's passwords".
1) It does now (new architecture in 1.2.0 fixed this)

2) Only if you give people rights to create GUF instances. It's about the same as giving people the ability to create arbitrary DTML methods (i.e. someone creates a fake login form and you would be surprised how many of your users would enter their username/password without thinking).

I don't know of any other user folders that yet do 1) with cookie authentication except GUF - it would be trivial to pinch the code from GUF to do this however.

2) applies to any user that can create DTML or Python methods. It's not a GUF or LoginManager specific problem. Ability to create arbitrary HTML links is almost as bad - it however requires the malicious form to be hosted on a separate site and is more likely to be noticed by an observant client.

--
___ // Zen (alias Stuart Bishop) Work: zen@cs.rmit.edu.au
// E N Senior Systems Alchemist Play: zen@shangri-la.dropbear.id.au
//__ Computer Science, RMIT WWW: http://www.cs.rmit.edu.au/~zen
On Wed, Apr 26, 2000 at 09:55:05AM +1000, Stuart 'Zen' Bishop wrote:
On Wed, 19 Apr 2000, Lalo Martins wrote:
The reasons I don't use GUF are, (1) it doesn't by default acquire users, and (2) it's (in the author's words) "trivial to grab people's passwords".
1) It does now (new architecture in 1.2.0 fixed this)
I realized that as I tried. I was very pleased with it. :-) Kudos to the developers.
2) Only if you give people rights to create GUF instances. Its about the same as giving people ability to create arbitrary DTML methods (ie. someone creates a fake login form and you would be surprised how many of your users would enter their username/password without thinking).
But the point of the sites I maintain is community participation. I absolutely _need_ to let people create arbitrary DTML in their own folders. And what if/when I want to provide Zope hosting? Should I run a separate Zope instance for each customer? Nah.

Yes, you can write a page asking for a login and hope people are fooled. You can also write a banner ad with a moving guy and say "win (whatever) if you hit the guy". Too bad. Ethics can't be forced.

But GUF is worse because you can provide a _real_ login dialog, and _really_ log the user in, so that s/he won't notice something went wrong at all, but as part of the login process store his/her password somewhere. That's bad.

It is possible with Generic User Source, yes, but that's not as bad as it sounds, because GUS was written as an example, mostly as a clone of GUF. I think over time people will start coming up with safer User Sources, and then I can just uninstall the ill-behaved ones.

Actually I'm very pleased with LoginManager; I would have it in production already, if it weren't for the whole permissions-for-properties problem (which keeps my naive "OFS User Source" implementation from being really usable).

[]s,
|alo
+----
-- Hack and Roll ( http://www.hackandroll.org )
News for, uh, whatever it is that we are.
http://www.webcom.com/lalo mailto:lalo@hackandroll.org
pgp key in the personal page
Brazil of Darkness (RPG) --- http://zope.gf.com.br/BroDar