AUTHENTICATED_USER is not reliable! [Was: [Zope] become user (su inside Zope) - pretend to be another user]
Andy McKay
andy at clearwind.ca
Fri Oct 24 16:34:21 EDT 2003
Stefan H. Holek wrote:
> Why is everybody so obsessed with AUTHENTICATED_USER? This variable is
> not suitable for anything deserving the name "security". It is NOT SAFE
> to assume that it will contain anything useful.
Good job core products like RAM Cache Manager use AUTHENTICATED_USER by
default then ;)
--
Andy McKay
ClearWind Consulting
http://www.clearwind.ca