[Zope-dev] Basic LoginManager HowTo

Lalo Martins lalo@hackandroll.org
Fri, 2 Jun 2000 22:45:35 -0300


On Fri, Jun 02, 2000 at 07:29:18PM -0600, Bill Anderson wrote:
> Has anyone out there actually started _using_ LoginManager with ZODB
> storage? IOW, one that is not dependent on LDAP/SQL/etc., but that is
> functioning in place of a non-PTK acl_users folder? 

I tried. It's quite easy, except that you have to store the
user's password in a property, and access control is somewhat
broken WRT passwords, so anyone can read anyone's passwords if
they can write DTML.

Now I don't plan to just let anyone write DTML, but I don't
want to leave this hole open because I know I will forget it
sooner or later and open up an exploit.

[]s,
                                               |alo
                                               +----
--
          Hack and Roll  ( http://www.hackandroll.org )
            News for, uh, whatever it is that we are.


http://zope.gf.com.br/lalo           mailto:lalo@hackandroll.org
         pgp key: http://zope.gf.com.br/lalo/pessoal/pgp

Brazil of Darkness (RPG)    ---     http://zope.gf.com.br/BroDar