Re: [Zope] Persist password in CookieCrumbler

2010-10-22 Thread Peter Bengtsson
I wrote something a long time ago which did this. Download
http://www.issuetrackerproduct.com/Download#CookieCrumblerIssueTrackerProduct
and read some of the source. I think what you have to do is override
its setAuthCookie method somehow and there you can set 'expires' to be
a date far in the future.

On 21 October 2010 23:28, Brian Sullivan briansulli...@gmail.com wrote:
> Can I persist the password using CookieCrumbler (in addition to the
> user name)? Has anybody made this modification and can supply the
> modified product or code. I made a stab at it but obviously my level
> of understanding is not up to snuff 'cause I can't get it to work.
>
> What are the implications/problems that might result from doing this?
> ___
> Zope maillist  -  z...@zope.org
> https://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  https://mail.zope.org/mailman/listinfo/zope-announce
>  https://mail.zope.org/mailman/listinfo/zope-dev )




-- 
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com
fun crosstips.org


Re: [Zope] Persist password in CookieCrumbler

2010-10-22 Thread Brian Sullivan
Thanks -- will have a look.

On Fri, Oct 22, 2010 at 3:43 AM, Peter Bengtsson pe...@fry-it.com wrote:
> I wrote something a long time ago which did this. Download
> http://www.issuetrackerproduct.com/Download#CookieCrumblerIssueTrackerProduct
> And read some of the source I think what you have to do is override
> its setAuthCookie method somehow and there you can set 'expires' to be
> a date far in the future.
>
> On 21 October 2010 23:28, Brian Sullivan briansulli...@gmail.com wrote:
>> Can I persist the password using CookieCrumbler (in addition to the
>> user name)? Has anybody made this modification and can supply the
>> modified product or code. I made a stab at it but obviously my level
>> of understanding is not up to snuff 'cause I can't get it to work.
>>
>> What are the implications/problems that might result from doing this?
> --
> Peter Bengtsson,
> work www.fry-it.com
> home www.peterbe.com
> hobby www.issuetrackerproduct.com
> fun crosstips.org



Re: [Zope] Persist password in CookieCrumbler

2010-10-22 Thread Tres Seaver
On 10/21/2010 06:28 PM, Brian Sullivan wrote:
> Can I persist the password using CookieCrumbler (in addition to the
> user name)? Has anybody made this modification and can supply the
> modified product or code. I made a stab at it but obviously my level
> of understanding is not up to snuff 'cause I can't get it to work.
>
> What are the implications/problems that might result from doing this?

The obvious issue with a beyond-this-session auth cookie is that it
enables anybody who can run that browser / profile to authenticate as
the user being persisted.  I would consider this an unacceptable risk
for any site where the authentication was intended for anything more
than keep spambots out (i.e., you might as well be using OpenID).


Tres.
-- 
===
Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   Excellence by Design   http://palladion.com
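
An added example, not part of this thread or of CookieCrumbler's own code, on the implications asked about above: CookieCrumbler's auth cookie is the base64-encoded name:password pair, so a persisted copy gives whoever reads the browser profile the password itself, whereas a signed token with a server-checked expiry does not. The names `SECRET`, `issue_token` and `verify_token` and the `name|expiry|mac` layout are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Assumption: a server-side secret that is never sent to the client (constructed value).
SECRET = b"constructed-demo-key"


def credential_cookie(name, password):
    """Cookie value in the base64 'name:password' form; encoding, not encryption."""
    return base64.b64encode(f"{name}:{password}".encode()).decode()


def recover_password(cookie_value):
    """What anyone reading the stored cookie gets back: the cleartext password."""
    return base64.b64decode(cookie_value).decode().split(":", 1)[1]


def _mac(name, expiry):
    return hmac.new(SECRET, f"{name}|{expiry}".encode(), hashlib.sha256).hexdigest()


def issue_token(name, now, lifetime=14 * 86400):
    """Signed 'name|expiry|mac' token: no password inside, expiry fixed by the server."""
    expiry = str(int(now) + lifetime)
    return f"{name}|{expiry}|{_mac(name, expiry)}"


def verify_token(token, now):
    """Return the user name if the token is authentic and unexpired, else None."""
    try:
        name, expiry, mac = token.rsplit("|", 2)
        expires_at = int(expiry)
    except ValueError:
        return None  # malformed token
    # Constant-time comparison; an edited name or expiry changes the expected MAC.
    if not hmac.compare_digest(mac.encode(), _mac(name, expiry).encode()):
        return None
    return name if now < expires_at else None


if __name__ == "__main__":
    cookie = credential_cookie("brian", "s3cret:pw")   # constructed credentials
    print("password readable from cookie:", recover_password(cookie))
    token = issue_token("brian", now=1000, lifetime=60)
    print("valid at t=1030:", verify_token(token, now=1030))
    print("valid at t=1060:", verify_token(token, now=1060))
```

A copied token still authenticates until it expires, which is the risk described above; what changes is that the password is not disclosed and the lifetime is enforced by the server rather than by the cookie's 'expires' attribute.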



Re: [Zope] Persist password in CookieCrumbler

2010-10-22 Thread Brian Sullivan
On Fri, Oct 22, 2010 at 12:34 PM, Tres Seaver tsea...@palladion.com wrote:


> The obvious issue with a beyond-this-session auth cookie is that it
> enables anybody who can run that browser / profile to authenticate as
> the user being persisted.  I would consider this an unacceptable risk
> for any site where the authentication was intended for anything more
> than keep spambots out (i.e., you might as well be using OpenID).


Isn't this about the same risk as the browser saving the id/password
pair for the site? Certainly on a public or multiuser machine this
would not be a good idea and appropriate warnings should be given.


(it seems to me that all browsers do this and most users take advantage of this)


[Zope] Persist password in CookieCrumbler

2010-10-21 Thread Brian Sullivan
Can I persist the password using CookieCrumbler (in addition to the
user name)? Has anybody made this modification and can supply the
modified product or code. I made a stab at it but obviously my level
of understanding is not up to snuff 'cause I can't get it to work.

What are the implications/problems that might result from doing this?