[Zope-CMF] Re: [Plone-developers] PLIP - Ship SessionCrumbler instead of CookieCrumbler

Tim Terlegård tim at se.linux.org
Tue Oct 12 07:35:27 EDT 2004


> It is more secure in a sense, and less secure in another sense, it just
> moves the weakest link from one place to another..
> If you are doing external authentication (krb, cas, AD, ...), then the
> only viable alternative is to not store the password anywhere, this is
> when it becomes more secure, otherwise any other option is just as
> insecure since the main password can get compromised.

With SessionCrumbler I can choose to only encrypt (SSL) the login
procedure. With CookieCrumbler I have to encrypt every response to
ensure that the password is not leaked. Because of performance I'd like
to avoid that.

There is still the possibility to steal your sessionid, but at least you
won't get your password stolen. People tend to use the same password for
many things: logging in to the computer at work, checking email, the
computer at home, bank accounts, etc. Stealing your sessionid
will perhaps authenticate the person to your site, but it will not allow
him to use your bank accounts.


> Why not push for a *real* secure implementation then instead of patching
> a hack?

I agree with Simon. This PLIP can be implemented and documented in
hours, while better CMF authentication takes a lot more time. Anyone is
free to write another PLIP.

Tim
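The difference Tim describes, as an added illustration that is not part of the original thread and not CMF's own code: a credential cookie modelled on CookieCrumbler's `__ac` cookie (URL-quoted base64 of `user:password`) hands the password to anyone who can read one plaintext response, whereas a session cookie is a random identifier that only authenticates to this site and can be invalidated. The in-memory `_users` and `_sessions` dictionaries, the helper names and the sample user are constructed stand-ins for Zope's user folder and session container.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import quote, unquote

# --- Credential cookie, modelled on CookieCrumbler's __ac cookie ----------
# The cookie value is the URL-quoted base64 of "user:password", so every
# request that carries it also carries the password in recoverable form.
# That is why every response (not just the login) would need TLS.

def make_credential_cookie(user, password):
    return quote(base64.b64encode(f"{user}:{password}".encode()).decode())

def recover_password_from_cookie(cookie_value):
    """What a passive sniffer on a plaintext HTTP connection learns."""
    user, _, password = base64.b64decode(unquote(cookie_value)).decode().partition(":")
    return user, password

# --- Session cookie: opaque random id, credentials stay server-side -------
# Constructed in-memory stores (assumption) standing in for Zope's session
# container and user folder; the real objects are not modelled here.
_sessions = {}      # session id -> user name
_users = {}         # user name -> (salt, password hash)

def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def register_user(user, password):
    salt = secrets.token_bytes(16)
    _users[user] = (salt, _hash_password(password, salt))

def login(user, password):
    """The only exchange that needs TLS: the password is sent once and
    never written into a cookie. Returns a session id or None."""
    if user not in _users:
        return None
    salt, stored = _users[user]
    if not hmac.compare_digest(_hash_password(password, salt), stored):
        return None
    sid = secrets.token_urlsafe(32)     # random: reveals nothing about the password
    _sessions[sid] = user
    return sid

def user_for_session(sid):
    """Server-side lookup performed on each later (plaintext) request."""
    return _sessions.get(sid)

def logout(sid):
    """Invalidating the session limits the damage of a stolen session cookie;
    a stolen credential cookie stays usable until the password is changed."""
    _sessions.pop(sid, None)

if __name__ == "__main__":
    cookie = make_credential_cookie("tim", "s3cret")
    print("sniffer recovers:", recover_password_from_cookie(cookie))
    register_user("tim", "s3cret")
    sid = login("tim", "s3cret")
    print("session cookie exposes only:", sid)
    logout(sid)
    print("after logout, session maps to:", user_for_session(sid))
```

The session id is generated with `secrets.token_urlsafe`, so a stolen cookie gives an attacker replay access to this site until `logout` runs, and nothing that helps against the user's other accounts; the password itself only ever crosses the wire during `login`.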


