[Zope-CMF] caching clear-text passwords
Florent Guillaume
fg at nuxeo.com
Wed Jan 7 06:00:25 EST 2004
In article <1071750394.3fe19cfa0eba6 at www.plexus.leidenuniv.nl> you write:
> > See the session cookie.
> > __ac_name and __ac are stored here.
>
> I looked at the cookie, but only __ac_name is stored in it.. afaik
> __ac_password is deleted as soon as authentication has succeeded.
So what you can do is patch or subclass CookieCrumbler to store the
password in a safe place you can access after it has been treated by the
authentication part and before it is deleted from the cookies. The
SESSION is a good place, or any private variable not easily accessible
from skins.
Florent
--
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87 http://nuxeo.com mailto:fg at nuxeo.com