AUTHENTICATED_USER is not reliable! [Was: [Zope] become user (su inside Zope) - pretend to be another user]

Jens Vagelpohl jens at zope.com
Fri Oct 24 08:09:12 EDT 2003


> Why is everybody so obsessed with AUTHENTICATED_USER? This variable is 
> not suitable for anything deserving the name "security". It is NOT 
> SAFE to assume that it will contain anything useful.

Amen to that.

jens



