[Zope-dev] Feedback wanted on GenericUserFolder

Stuart 'Zen' Bishop zen@cs.rmit.edu.au
Sat, 30 Oct 1999 14:00:27 +1000 (EST)


I've put together a functional GenericUserFolder for people to
look at and give me feedback before a full release:

    http://www.zope.org/Members/Zen/GenericUserFolder

It is simply a userfolder that calls ZODB methods to populate
userlists, return roles etc. Out of the box it makes UserDB
obsolete, and would allow etcUserFolder, LDAPAdaptor etc. to
be cut back to external methods (giving more flexibility and
allowing features like enhanced cookie handling to be done in
one product that in every product).

I don't know if the cookie authentication is working - I need
to rewrite this as the implementation I stole from etcUserFolder
(with the rest of the framework) seems to store the password
in plaintext in the cookie. I'll end up passing a SHA hash of some
description I think.

The results from the methods are being cached in _v_ volatile
attributes. I think this is the correct thing to do, but this
means there is a seperate cache per thread (increased memory usage)
as well as allowing the possibility of inconsistancys between threads
as the seperate caches will expire at different times. 

Unless I steal someones existing Session product, I'll end up
having to store the cookies in a dictionary on the server (as the clients 
won't be passing a password in a form I can send to authenticate) - I don't
think this will cause a problem for any but the largest sites.

Any hints on what will happen to this product with the eventual
release of the portal toolkit? Will it become obsolete, or will
it require reimplemntation from the ground up to fit in with the new
framework? I need to know if there is any point polishing it up for
release.

 ___
   //     Zen (alias Stuart Bishop)     Work: zen@cs.rmit.edu.au
  // E N  Senior Systems Alchemist      Play: zen@shangri-la.dropbear.id.au
 //__     Computer Science, RMIT 	 WWW: http://www.cs.rmit.edu.au/~zen