[Zope] Webdav and cookie based authentication: exUserFolder compared to cookie crumbler
Dario Lopez-Kästen
dario@ita.chalmers.se
Tue, 29 Oct 2002 13:09:12 +0100
From: "Jens Vagelpohl" <jens@zope.com>
> > Unfortunately the credentials are easily sniffed out of cookies set by
> > CookieCrumbler (and XUF in non-secure cookie mode).
>
> just more reasons to not use cookies for authentication, period.
>
What would you use instead? I have yet to find any alternatives to using
cookies as part of the sessioning mechanism. Or are you referring to storing
username and passwords in the cookie? If so ignore the question, because I
think it is bad too :)
regards,
/dario