[Zope] Authentication using a form instead of a popup

Johan Carlsson johanc@easypublisher.com
Mon, 26 May 2003 09:40:08 +0200


Igor Leturia wrote:
> 
> So there's no way to do something easy like <dtml-call
> "AUTHENTICATED_USER=acl_users.authenticate(username,userpassword,REQUEST
> )"> ?

That would be a giant security hole.

The point is it should be managed by the internal (safe) Zope code, not by
code that is unsafe and can be manipulated by someone from the outside.

Using the CookieCrumbler will set up AUTHENTICATED_USER the way you want 
it, but in a safe way.

>> you should be using a user folder that handles cookies or use the
>> CookieCrumbler product.
> 
> 
> I will try the CookieCrumbler product, but how can I do the other thing
> you propose, a user folder that handles cookies?
> 
> Thanks in advance,
> 
> 			Igor Leturia
>