[Zope-dev] Adding user: Id check?
Clemens Robbenhaar
robbenhaar@espresto.com
Fri, 23 May 2003 14:06:56 +0200
Ignacio Dosil Lago writes:
>
> Hi all,
> I wanted to add a new user to Zope, so I copied it's login name from a
> document and pasted it into the user add form.
> That login name included strange characters which I couldn't see.
> Now I can't remove that user!!
[..]
If I understand the code in lib/python/AccessControl/User.py correctly
there is no "valid id" check or the like for users.
Wouldn't this make sense? As the user name has to be sent via an
http-header to login as this user, maybe one could limit the allowed
names to strings which may be send as valid http header.
(I.e. creating a user with a ':' seems to be pointless, if using
basic http-auth. Hm, but people using a Cookie-based login may argue
differntly.)
However so far I have not been able to create a user which I could not
delete afterwards. It would be interesting to know what characters do
trigger this issue ...
Cheers,
Clemens