[Zope] protecting users from hostile authors

Steve Alexander steve@cat-box.net
Sun, 26 Aug 2001 19:06:34 +0100


Steve Alexander wrote:

>
> As has been pointed out by others, Zope protects you from this quite 
> well already. You only need go the extra length of having two users 
> yourself if you want to avoid the specific case you mention above.


Of course, if your users want to avoid the specific case you mention, 
they'd better be careful what they click on! :)

You can encourage users always to log out immediately after logging in 
and doing stuff.

That's a similar level of protection I get when I use something like 
Amazon.com. If I leave myself logged in, then I guess it's possible 
someone can construct a URL that will maliciously buy me books or whatever.


-- 
Steve Alexander
Software Engineer
Cat-Box limited