AUTHENTICATED_USER is not reliable! [Was: [Zope] become user (su inside Zope) - pretend to be another user]

Jens Vagelpohl jens at zope.com
Fri Oct 24 08:09:12 EDT 2003

Previous message: AUTHENTICATED_USER is not reliable! [Was: [Zope] become user (su inside Zope) - pretend to be another user]
Next message: AUTHENTICATED_USER is not reliable! [Was: [Zope] become user (su inside Zope) - pretend to be another user]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Why is everybody so obsessed with AUTHENTICATED_USER? This variable is 
> not suitable for anything deserving the name "security". It is NOT 
> SAFE to assume that it will contain anything useful.

Amen to that.

jens

Previous message: AUTHENTICATED_USER is not reliable! [Was: [Zope] become user (su inside Zope) - pretend to be another user]
Next message: AUTHENTICATED_USER is not reliable! [Was: [Zope] become user (su inside Zope) - pretend to be another user]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Zope mailing list