[Zope] User-private folderish object
Dieter Maurer
dieter at handshake.de
Sun Jan 30 13:25:58 EST 2005
Please stay on the list (readded)!
Richard Jennings wrote at 2005-1-30 07:17 +0100:
> ... user-private folder with session lifetime ...
> ...
>The available documentation talks of session *data* objects.
You can put any serializable (picklable) and especially
any persistent object into a session. It looks like:

    obj = <YourConstructor>(...)
    session[<someKey>] = obj

You can later access your object with "session[<someKey>]".
[DM]
>> This is as safe (and private) as the session itself (which
>> is not completely but rather safe).
[RJ]
>What, exactly, is the weakness here?
If someone spoofs the session id, they can look into the session
and change it.
With sufficient privileges, someone can list all session
objects and look into them (and change them).
--
Dieter
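
The two weaknesses named in the message above, as an added example that is not part of the original post and is not Zope's session code. `SessionContainer`, `PrivateFolder`, the key name and the sample values are hypothetical stand-ins; the point is that possession of the session id is the only access check, and a management-level listing bypasses even that.

```python
import secrets


class PrivateFolder:
    """Stand-in for the picklable 'folderish' object kept in the session."""
    def __init__(self, owner):
        self.owner = owner
        self.items = {}


class SessionContainer:
    """Hypothetical in-memory session store (assumption, not Zope's API)."""
    def __init__(self):
        self._sessions = {}

    def new_session(self):
        # The id is the only secret, so it must be unguessable.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {}
        return sid

    def get(self, sid):
        # No check beyond knowing the id: whoever presents it is "the user".
        return self._sessions[sid]

    def list_all(self, has_manage_privilege):
        # Weakness 2: a sufficiently privileged caller sees every session.
        if not has_manage_privilege:
            raise PermissionError("listing sessions requires management rights")
        return dict(self._sessions)


def demo():
    store = SessionContainer()
    sid = store.new_session()
    session = store.get(sid)
    session["private_folder"] = PrivateFolder("richard")  # constructed sample
    session["private_folder"].items["note"] = "draft"

    # Weakness 1: a second request presenting the same id can read and change.
    store.get(sid)["private_folder"].items["note"] = "changed"
    seen_by_owner = store.get(sid)["private_folder"].items["note"]

    try:
        store.get("guessed-id")
        unknown_id_accepted = True
    except KeyError:
        unknown_id_accepted = False

    admin_view = store.list_all(has_manage_privilege=True)
    return seen_by_owner, unknown_id_accepted, sid in admin_view
```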