[Zope-dev] Cookie Crumbler and similar products (Re: Zope 2.6 project updated)

Trevor Toenjes zope@toenjes.com
Tue, 5 Mar 2002 15:31:50 -0500


I like the idea of adding cookie auth to the API.  The user product choic=
es
are convoluted and I think the community would benefit from adding standa=
rd
capability to the core.

Adding to that...
my priority would be to extend acl_users folder to allow for built-in
storage of additional user properties beyond username/password.
Yes, there are user products that do this to a point, but an API that all=
ows
you to simply do it in ZODB would be ideal.

Maybe someone more familiar could determine a "best of" integration that
addresses acl_users folder extensibility and security to add this to Z2.6.

-Trevor

> -----Original Message-----
> From: zope-dev-admin@zope.org [mailto:zope-dev-admin@zope.org]On Behalf
> Of Dario Lopez-K=E4sten
> Sent: Tuesday, March 05, 2002 3:09 PM
> To: zope-dev@zope.org
> Subject: [Zope-dev] Cookie Crumbler and similar products (Re: Zope 2.6
> project updated)
>
>
> From: "Matt Behrens" <matt.behrens@kohler.com>
> > Christian Theune wrote:
> >
> > > Well I saw the cookie crumbler wish has been added to the
> list already,
> > > and (as i tested it out this moment) don't see what exactly needs t=
o
> > > be done than adding it by default to the root userfolder.
> > > Well, probably some facelifting to the default login, thats not
> > > urgent in any way but if wished i would do that.
> >
> > Well, as far as "least-intrusive", CC loses some points by not being
> > compatible with some of the user folders that do their own cookie aut=
h,
> > although that's arguably not CC's fault.
> >
>
> Which makes me think of another point. I haven't used Zope 2.5.1
> yet, but I
> understand from some of the traffic on the mailinglists that some have
> wanted to disable the session tracking/session management beause it
> interferes with the solutions they allready use for session tracking.
>
> And now there is a possible inclusion of another product (CC) that migh=
t
> conflict with other products' cookie functionality.
>
> Instead of locking up users with a particular implementation of a solut=
ion
> to a general problem, why not present an API for a) session management =
and
> b) cookie management, and then present default products that use
> these API's
> to provide solutions? This way it will not be hard to replace both sess=
ion
> management and cookie management with other products.
>
> Any one else think that this might be a worthwhile idea? If so, I
> can offer
> time and effort and my limited knowledge of zope to make this possible.
>
> /dario
>
>
>
> _______________________________________________
> Zope-Dev maillist  -  Zope-Dev@zope.org
> http://lists.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope )