[Zope] Cookie Crumbler
Frank Hempel
red_socks at gmx.de
Sun Feb 9 23:34:06 CET 2014
Am 09.02.2014 23:10, schrieb Jon Grange:
> Hello all
> Returning to a zope 2 web application I built 5 or 6 years ago that now
> needs some updating. Is cookie crumbler over SSL still a good and proper
> way to secure a public facing website?
if I remember right CC used the Basic access auth string (base64 encoded
login/password) as content for its auth-cookie, which is clearly not a
nice practice. however, this could easily be changed to some sort of
session key...
Regards, Frank
>
>
> _______________________________________________
> Zope maillist - Zope at zope.org
> https://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> https://mail.zope.org/mailman/listinfo/zope-announce
> https://mail.zope.org/mailman/listinfo/zope-dev )
>
More information about the Zope
mailing list