[Zope-dev] LM and user objects
Lalo Martins
lalo@hackandroll.org
Tue, 6 Jun 2000 19:49:07 -0300
On Tue, Jun 06, 2000 at 04:03:50PM -0600, Bill Anderson wrote:
>
> Cool. I tried the ZClass route (less restarts ;) gave it Fname,Lname,and
> zpasswd as fields. (ISTR something about the password needing to be a
> field)
Running the risk of repeating myself:
if the password is a ZClass property, any DTML method can read
any user's password. It's ok if you don't plan to allow users
to edit DTML (recommended), but anyway it's a hole I don't want
to leave open in my site because I know I will forget it later.
[]s,
|alo
+----
--
Hack and Roll ( http://www.hackandroll.org )
News for, uh, whatever it is that we are.
http://zope.gf.com.br/lalo mailto:lalo@hackandroll.org
pgp key: http://zope.gf.com.br/lalo/pessoal/pgp
Brazil of Darkness (RPG) --- http://zope.gf.com.br/BroDar