[Zope-CMF] CMFDefault register method & security

Tres Seaver tseaver@palladion.com
Fri, 20 Jul 2001 14:04:46 -0400 (EDT)


On Fri, 20 Jul 2001, Chris Withers wrote:

> seb bacon wrote:
> > 
> > can log someone in programmatically without some horrible
> > hack.  Am I missing something?
> 
> Nope, that's why it's a seperate process.
> 
> That said, given that login is Cookie-based, I don't see why
> the register method couldn't just set the appropriate cookie
> and then redirect, rather than redirecting with the form or URL
> kludge just so the normal login process can set the cookie.

If you know that your site is always going to use cookie auth,
then that works fine.  It is *not* possible with HTTP basic auth.

> thoughts?

Customize CMFDefault/skins/control/register.py to do what
login.py does, and then 'self.aq_uncle == "bob"'.

Tres.
-- 
===============================================================
Tres Seaver                                tseaver@digicool.com
Digital Creations     "Zope Dealers"       http://www.zope.org