Hello,

We are currently using UserDB for authentication. It is simple and meets our needs.

Are there any compelling reasons to switch to the much-newer GUF? Are there any security holes in UserDB that GUF may have fixed? What are other people using?

Thanks,
-Paul

On Thu, 11 May 2000, Paul Abrams wrote:
> We are currently using UserDB for authentication. It is simple and meets our needs.
> Are there any compelling reasons to switch to the much-newer GUF? Are there any security holes in UserDB that GUF may have fixed? What are other people using?

The only security issue I can think of is that the username/password is passed in 'effectively plaintext' to every page on your site via a cookie. If you have untrusted users with access to create DTML or other executable code, it is trivial for them to extract the password. If you don't, there is really no reason to change until a future Zope release finally breaks it.

--
 ___
 // Zen (alias Stuart Bishop) Work: zen@cs.rmit.edu.au
 // E N Senior Systems Alchemist Play: zen@shangri-la.dropbear.id.au
//__ Computer Science, RMIT WWW: http://www.cs.rmit.edu.au/~zen
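
An added example, not part of either post and not UserDB's or GUF's code: it contrasts a cookie that carries the credentials in a reversible encoding with an opaque session token checked on the server. Base64 is an assumed stand-in for 'effectively plaintext' (the thread does not show the actual cookie format), and every name and account value is constructed.

```python
import base64
import hashlib
import hmac
import secrets

SALT = b"constructed-salt"  # constructed value for the example


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


USERS = {"paul": _hash("s3cret-passphrase")}  # constructed account
SESSIONS = {}  # token -> username, held only on the server


def credential_cookie(username, password):
    """Weak pattern: the cookie is a reversible encoding of the credentials."""
    return base64.b64encode(f"{username}:{password}".encode()).decode()


def recoverable_password(cookie):
    """What any code that can read the request can derive from the cookie."""
    try:
        decoded = base64.b64decode(cookie, validate=True).decode()
    except ValueError:
        return None  # opaque value: no credentials inside
    return decoded.partition(":")[2] or None


def login(username, password):
    """Safer pattern: verify once, then issue a random server-side token."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, _hash(password)):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


def authenticate(token):
    """Later requests map the token back to a user; no password travels."""
    return SESSIONS.get(token)
```

With the token design, page-level code that reads the cookie learns only a revocable session identifier, not the account password.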