[Zope] getSecurityManager() vs. AUTHENTICATED_USER
Peter Bengtsson
peterbe at gmail.com
Fri Jul 8 18:20:38 EDT 2005
On 7/8/05, Dieter Maurer <dieter at handshake.de> wrote:
> Peter Bengtsson wrote at 2005-7-8 13:24 +0100:
> >I've learnt that it's better to use getSecurityManager instead of
> >REQUEST.AUTHENTICATED_USER
> >because it's more secure. Other than that, what is the difference.
>
> The security manager could be changed (e.g. with "newSecurityManager").
> "getSecurityManager" would report the change but not "AUTHENTICATED_USER".
>
"newSecurityManager" ??
never heard of that. The __doc__ says
""" Set up a new security context for a request for a user """
What is this used for? I'm guessing it's something we use in unittests
and stuff.
--
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com
More information about the Zope
mailing list