[Zope] Webdav and cookie based authentication: exUserFolder compared to cookie crumbler

[Jens Vagelpohl]

> Unfortunately the credentials are easily sniffed out of cookies set by
> CookieCrumbler (and XUF in non-secure cookie mode).

just more reasons to not use cookies for authentication, period.


> If FTP works with XUF, I don't see why DAV shouldn't work either. I 
> know
> FTP *used to* work. Perhaps the folks responsible for the validate
> overhaul would like to comment about now.

what validate overhaul?

jens