AUTHENTICATED_USER is not reliable! [Was: [Zope] become user (su inside Zope) - pretend to be another user]
Dario Lopez-Kästen
dario at ita.chalmers.se
Fri Oct 24 12:20:02 EDT 2003
Jens Vagelpohl wrote:
>> Why is everybody so obsessed with AUTHENTICATED_USER? This variable is
>> not suitable for anything deserving the name "security". It is NOT
>> SAFE to assume that it will contain anything useful.
>
>
> Amen to that.
>
> jens
Right, when can we consider REQUEST to be fairly safe? I.e. I know that
it can be manipulated by any kind of script during the lifetime of a
request, and also be populated from the URL. I consider manipulation
from scripts acceptable behaviour, from the URL not.
What I am actually trying to say is the following:
I need a secure namespace available, à la REQUEST, during the lifetime
of a request - let's call it SAFE_REQUEST, that cannot be manipulated
from the URL. Preferably RAM-bound.
Any ideas on how to achieve that (other than reading source, which I
already have begun to)?
Thanks,
/dario
--
-- -------------------------------------------------------------------
Dario Lopez-Kästen, IT Systems & Services Chalmers University of Tech.