I am making a small application for sales and marketing reports in-house. Each user has a unique login/username in zope (via NtUserFolder) and they also have a unique employee_id in existing SQL database tables. Each page calls numerous SQL methods almost all of which need to know the employee_id number. I can make a small method getEmpID(request.AUTHENTICATED_USER) and map the logins to the employee_ids, but then I am calling that at least once every page. I could call getEmpID(request.AUTHENTICATED_USER) once when the user logs in and then set it in a cookie or a session variable but I am unsure of the possible security issues in doing that. Or I could start using the zope/NT login as the key in various sales and marketing tables. Just thought I'd *throw it out there* for any input, thanks.
--On 23 June 2005 12:07:50 -0700 Erik Myllymaki <erik.myllymaki@aviawest.com> wrote:
Just thought I'd *throw it out there* for any input, thanks.
Anything other than a secure channel - means SSL - can be regarded as unsafe. It does not matter if you store information in cookies, http headers, URLs or whatever. If you want to make it safe, use SSL. -aj
----- Original Message ----- From: "Erik Myllymaki" <erik.myllymaki@aviawest.com>
Each user has a unique login/username in zope (via NtUserFolder) and they also have a unique employee_id in existing SQL database tables.
Each page calls numerous SQL methods almost all of which need to know the employee_id number.
I can make a small method getEmpID(request.AUTHENTICATED_USER) and map the logins to the employee_ids, but then I am calling that at least once every page.
I could call getEmpID(request.AUTHENTICATED_USER) once when the user logs in and then set it in a cookie or a session variable but I am unsure of the possible security issues in doing that.
Or I could start using the zope/NT login as the key in various sales and marketing tables.
How about storing a dictionary, as a property field on the local folder, which contains the mapping from AUTHENTICATED_USER to employee id? You would have to update the dictionary whenever you add/delete an employee (simple to do), but it would give you quick access to the employee id numbers. hth Jonathan
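An added example, not part of any post in this thread: one way to combine the options discussed, keeping the login-to-employee_id map on the server so that the SQL lookup runs once per login and a client-supplied cookie is never trusted for the id. The table name `employees`, the sample logins, and the names `EmpIdResolver` and `emp_id_for_request` are assumptions made for illustration; the in-memory SQLite table is constructed sample data standing in for the existing database.

```python
import sqlite3

# Constructed sample data standing in for the existing SQL employee table.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE employees (login TEXT PRIMARY KEY, employee_id INTEGER)")
db.executemany("INSERT INTO employees VALUES (?, ?)",
               [("DOMAIN\\erik", 101), ("DOMAIN\\jon", 102)])


class EmpIdResolver:
    """Server-side login -> employee_id map, filled lazily from SQL."""

    def __init__(self, conn):
        self.conn = conn
        self.cache = {}
        self.sql_calls = 0  # counts real database lookups

    def get_emp_id(self, authenticated_user):
        # Keyed only by the login the server itself authenticated.
        if authenticated_user not in self.cache:
            self.sql_calls += 1
            row = self.conn.execute(
                "SELECT employee_id FROM employees WHERE login = ?",
                (authenticated_user,)).fetchone()
            if row is None:
                raise LookupError("no employee record for %r" % authenticated_user)
            self.cache[authenticated_user] = row[0]
        return self.cache[authenticated_user]

    def invalidate(self, login=None):
        # Call when employees are added, removed or renumbered.
        if login is None:
            self.cache.clear()
        else:
            self.cache.pop(login, None)


def emp_id_for_request(resolver, authenticated_user, cookies):
    # Cookie values are client-controlled, so an "employee_id" cookie is
    # ignored; the id always derives from the authenticated login.
    return resolver.get_emp_id(authenticated_user)


resolver = EmpIdResolver(db)
```

A request carrying a forged `employee_id` cookie still resolves to the id that belongs to the authenticated login, and repeated page views for the same login cost a dictionary lookup instead of a query.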
participants (3): Andreas Jung, Erik Myllymaki, Jonathan