[Zope] Lost user credentials

Garito garito at gmail.com
Mon Mar 12 14:48:01 EDT 2007


Fuck$%&ing gmail
Sorry all for this stupidity

To Dennis: I use Zope 2.9.5 final. Is this version concern with this bug?

To Dieter: I use HTTP authentication method (at least I suppose that). I
don't change anything about the default configuration nor use any cookie at
least

What I wonder is CrearFuncionalidad works ok but not BorrarFuncionalidad who
are launched both in the same way

Any idea?

2007/3/12, Garito <garito at gmail.com>:
>
> To Dennis: I use Zope 2.9.5 final. Is this version concern
>
> 2007/3/12, Dieter Maurer <dieter at handshake.de>:
> >
> > Garito wrote at 2007-3-12 04:04 +0100:
> > > ...
> > >In my code I don't use nothing about security and nothing is changed on
> > >zmi's security tab
> > >
> > >But when I launch a method (Borrar if you remember) the user who
> > launches
> > >the action is anonymous not the logged one
> >
> > Your problem description is too terse to say something definite about
> > the real problem.
> >
> > But, I can tell you that whether or not a user appears to be
> > anonymous or logged in only slightly depends on security settings.
> >
> > The process is as follows:
> >
> >   The url traversal determines the published object and
> >   the path to reach it. From the published object the roles are
> > determined
> >   necessary to access it.
> >   Then a user folder is looked for that can authenticate a user
> >   from the current request with the required roles. This lookup
> >   proceeds in the reverse order than the url traversal.
> >
> >   Thus, unless you have given your object unreasonable roles (usually
> >   you protect by a permission which is then mapped to a set of roles),
> >   the authenticated user primarily depends on the authentication
> >   information in the request.
> >
> > In what kind the request contains authentication information
> > highly depends on the form of authentication you are using.
> > There are at least two widely used approaches: cookie based
> > authentication
> > and HTTP (basic) authentication.
> >
> > In the first case, the user will appear "anonymous" whenever
> > cookies are disabled.
> >
> >
> >
> > --
> > Dieter
> >
>
>
>
> --
> Mis Cosas: http://blogs.sistes.net/Garito
>



-- 
Mis Cosas: http://blogs.sistes.net/Garito
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20070312/54aa12dd/attachment.htm


More information about the Zope mailing list