[Plone-users] Re: [Zope-CMF] CookieCrumbler security issue?

Lennart Regebro regebro at nuxeo.com
Fri Jan 23 04:37:28 EST 2004


From: "Chris Withers" <chris at simplistix.co.uk>
> > Of course, using cookies will always expose you to the worst security
> > nightmare: compromise of the remote terminal. (Fortunately, without
> > being able to control the end-user, there's not a great deal you can do
> > about this in a web environment.)
>
> Well, again, how does this differ with HTTP Basic Auth?

Well, there is a risk that the client stores the password on the disk with
cookies.



