[Zope-dev] Re: [patch] More secure cookie crumbler?
Lennart Regebro
regebro at nuxeo.com
Tue Apr 13 05:09:58 EDT 2004
From: "Shane Hathaway" <shane at zope.com>
> Making cookie authentication secure is surprisingly difficult, and you've
> barely taken one step. I don't want CookieCrumbler to go in this
> direction at all. A much more fruitful endeavor would be to simply add
> digest authentication support to Zope's user folders. See the middle of
> this page for a fairly clear explanation:
>
> http://frontier.userland.com/stories/storyReader$2159
The problem with that is that as far as I know, it still doesn't offer a
nice, clean, cross-browser way of logging out. Which means most people will
still use cookie-authentication...