[Zope-dev] Re: [patch] More secure cookie crumbler?

Shane Hathaway shane at zope.com
Mon Apr 12 09:21:21 EDT 2004


On Mon, 12 Apr 2004, Chris Withers wrote:

> For me, that's worth patching for, it's up to you if you want to include
> it in an official CookieCrumbler release or not ;-)

Making cookie authentication secure is surprisingly difficult, and you've
barely taken one step.  I don't want CookieCrumbler to go in this
direction at all.  A much more fruitful endeavor would be to simply add
digest authentication support to Zope's user folders.  See the middle of
this page for a fairly clear explanation:

http://frontier.userland.com/stories/storyReader$2159

Shane


