[Zope-dev] Cookies presented on management login
David Thibault
dthibault@esperion.com
Thu, 9 Aug 2001 18:00:58 -0400
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C1211E.C5130CA0
Content-Type: text/plain;
charset="iso-8859-1"
Steve,
Thanks for the input on this cookie issue. Also thanks to Chris McDonough
who also replied and has expressed an interest in helping with innards
questions. I responded to this one simply to apologize for the rich-text
post...(insert stupid look here...=).
I'm sure I'll post again for this project as soon as I come up w/ the next
question...=)
Dave Thibault
-----Original Message-----
From: Steve Alexander [mailto:steve@cat-box.net]
Sent: Thursday, August 09, 2001 5:00 PM
To: David Thibault
Cc: 'zope-dev@zope.org'
Subject: Re: [Zope-dev] Cookies presented on management login
David Thibault wrote:
> Hello all,
>
> I'm new to this list (my first post). I'm currently in a project for
> SANS certification in which I'm auditing Zope security. I just noticed
> that every time I log in I get a cookie from the server that has the
> following info:
>
> Name: tree-s
> Data: "eJzTiFZ3hANPW/VYHU0ALlYElA"
You know that tree in the left hand frame of the management interface?
Well, that cookie represents the state of the tree.
See lib/python/TreeDisplay/TreeTag.py for the cookie handling stuff. It
is in the methods encode_seq and encode_str, and the complementary
decode_... methods.
Please don't post HTML mail to this mailing list.
--
Steve Alexander
Software Engineer
Cat-Box limited
------_=_NextPart_001_01C1211E.C5130CA0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2653.12">
<TITLE>RE: [Zope-dev] Cookies presented on management login</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D2>Steve,</FONT>
</P>
<P><FONT SIZE=3D2>Thanks for the input on this cookie issue. Also =
thanks to Chris McDonough who also replied and has expressed an =
interest in helping with innards questions. I responded to this =
one simply to apologize for the rich-text post...(insert stupid look =
here...=3D).</FONT></P>
<P><FONT SIZE=3D2>I'm sure I'll post again for this project as soon as =
I come up w/ the next question...=3D)</FONT>
</P>
<P><FONT SIZE=3D2>Dave Thibault</FONT>
</P>
<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: Steve Alexander [<A =
HREF=3D"mailto:steve@cat-box.net">mailto:steve@cat-box.net</A>]</FONT>
<BR><FONT SIZE=3D2>Sent: Thursday, August 09, 2001 5:00 PM</FONT>
<BR><FONT SIZE=3D2>To: David Thibault</FONT>
<BR><FONT SIZE=3D2>Cc: 'zope-dev@zope.org'</FONT>
<BR><FONT SIZE=3D2>Subject: Re: [Zope-dev] Cookies presented on =
management login</FONT>
</P>
<BR>
<P><FONT SIZE=3D2>David Thibault wrote:</FONT>
<BR><FONT SIZE=3D2>> Hello all,</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> I'm new to this list (my first post). I'm =
currently in a project for </FONT>
<BR><FONT SIZE=3D2>> SANS certification in which I'm auditing Zope =
security. I just noticed </FONT>
<BR><FONT SIZE=3D2>> that every time I log in I get a cookie from =
the server that has the </FONT>
<BR><FONT SIZE=3D2>> following info:</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Name: tree-s</FONT>
<BR><FONT SIZE=3D2>> Data: =
"eJzTiFZ3hANPW/VYHU0ALlYElA"</FONT>
</P>
<BR>
<P><FONT SIZE=3D2>You know that tree in the left hand frame of the =
management interface?</FONT>
</P>
<P><FONT SIZE=3D2>Well, that cookie represents the state of the =
tree.</FONT>
</P>
<P><FONT SIZE=3D2>See lib/python/TreeDisplay/TreeTag.py for the cookie =
handling stuff. It </FONT>
<BR><FONT SIZE=3D2>is in the methods encode_seq and encode_str, and the =
complementary </FONT>
<BR><FONT SIZE=3D2>decode_... methods.</FONT>
</P>
<BR>
<P><FONT SIZE=3D2>Please don't post HTML mail to this mailing =
list.</FONT>
</P>
<P><FONT SIZE=3D2>--</FONT>
<BR><FONT SIZE=3D2>Steve Alexander</FONT>
<BR><FONT SIZE=3D2>Software Engineer</FONT>
<BR><FONT SIZE=3D2>Cat-Box limited</FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C1211E.C5130CA0--