[Zope] security

sam linuxcraft@redspice.com
Fri, 17 Mar 2000 13:03:00 -0600


Besides the AUTHORIZED_USER field in the http header what else does zope use to identify
an http packet from a browser ?.  I am just wondering can I not masquerade as a user by setting 
the http header using httplib or some such utility ?. I have not seen any session ids in the REQUEST
variable which is supposed to contain all the variables in the browser request

thanks
sathya
-- 
##########################
 necessity is the 
mother of invention
##########################