[Zope-PAS] Lack of user enumeration a problem

Tres Seaver tseaver at palladion.com
Mon Aug 11 20:27:06 EDT 2008


Behrens Matt - Grand Rapids wrote:
> I've been playing with making an extraction/authentication plugin that
> takes a cryptographically signed cookie (shared secret and a SHA hash,
> for the curious) from an external script, with username and expiry
> derived from the cookie.  Basically, I'm trusting the external script
> has authenticated the user in the cookie up until the expiry time ticks
> over.  That part works.
> 
> What I'm missing is the ability to manage groups and roles with ZODB
> managers of each.  
> If I hit the assignments link for either I have no available users.
> Since I can't actually enumerate my users in the scenario I'm looking
> at, am I looking at patching/subclassing both managers to accept
> arbitrary principal IDs?  Or is there a better way?

You need to have plugins registered which implement IUserEnumeration and
IGroupEnumeration for your site.  Probably you are going to need to
share the set of valid users with that external program, though.


Tres.
--
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
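
The user-enumeration half of the reply above, as an added example that is not part of the original message or of PAS itself: a class with the `enumerateUsers` signature of PAS's `IUserEnumerationPlugin`, backed by a list of user IDs shared with the external script. The class name, the plugin ID and the sample list are assumptions; a real plugin would also subclass PAS's `BasePlugin`, declare the interface and be activated in the site's plugin registry.

```python
# Added example, not PAS source code. The PAS imports (BasePlugin,
# IUserEnumerationPlugin) are left out so the lookup logic runs stand-alone.


class SharedListUserEnumerator:
    """User enumeration over a list of IDs shared with the external script."""

    def __init__(self, plugin_id, user_ids):
        self._id = plugin_id
        # Strip blanks and duplicates from the shared export.
        self._user_ids = sorted({u.strip() for u in user_ids if u.strip()})

    def getId(self):
        return self._id

    @staticmethod
    def _matches(user_id, wanted, exact_match):
        if wanted is None:
            return True  # criterion not supplied
        if isinstance(wanted, str):
            wanted = [wanted]
        if exact_match:
            # Exact lookups never fall back to substring matching.
            return user_id in wanted
        return any(w.lower() in user_id.lower() for w in wanted)

    def enumerateUsers(self, id=None, login=None, exact_match=False,
                       sort_by=None, max_results=None, **kw):
        """Return a tuple of {'id', 'login', 'pluginid'} mappings."""
        found = [
            {"id": uid, "login": uid, "pluginid": self._id}
            for uid in self._user_ids
            # The cookie carries one username, so ID and login are the same.
            if self._matches(uid, id, exact_match)
            and self._matches(uid, login, exact_match)
        ]
        if max_results is not None:
            found = found[:max_results]
        return tuple(found)


# Constructed sample of what the external script might export.
SHARED_USERS = ["alice", "bob", "bobby", "alice", " carol "]
```

With such a plugin active, a principal ID that the external script has dropped from the shared list no longer shows up for role or group assignment.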


