[Zope-CMF] caching clear-text passwords

Florent Guillaume fg at nuxeo.com
Wed Jan 7 06:00:25 EST 2004


In article <1071750394.3fe19cfa0eba6 at www.plexus.leidenuniv.nl> you write:
> > See the session cookie.
> > __ac_name and __ac are stored here.
> 
> I looked at the cookie, but only __ac_name is stored in it. AFAIK
> __ac_password is deleted as soon as authentication has succeeded.

So what you can do is patch or subclass CookieCrumbler to store the
password in a safe place you can access after it has been treated by the
authentication part and before it is deleted from the cookies. The
SESSION is a good place, or any private variable not easily accessible
from skins.

Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87  http://nuxeo.com  mailto:fg at nuxeo.com