[Zope-CMF] CMFDefault register method & security
Tres Seaver
tseaver@palladion.com
Fri, 20 Jul 2001 14:04:46 -0400 (EDT)
On Fri, 20 Jul 2001, Chris Withers wrote:
> seb bacon wrote:
> >
> > can log someone in programmatically without some horrible
> > hack. Am I missing something?
>
> Nope, that's why it's a seperate process.
>
> That said, given that login is Cookie-based, I don't see why
> the register method couldn't just set the appropriate cookie
> and then redirect, rather than redirecting with the form or URL
> kludge just so the normal login process can set the cookie.
If you know that your site is always going to use cookie auth,
then that works fine. It is *not* possible with HTTP basic auth.
> thoughts?
Customize CMFDefault/skins/control/register.py to do what
login.py does, and then 'self.aq_uncle == "bob"'.
Tres.
--
===============================================================
Tres Seaver tseaver@digicool.com
Digital Creations "Zope Dealers" http://www.zope.org