Re: [Zope] general design question
- Original Message - From: "Erik Myllymaki" <[EMAIL PROTECTED]> Each user has a unique login/username in zope (via NtUserFolder) and they also have a unique employee_id in exisitng SQL database tables. Each page calls numerous SQL methods almost all of which need to know the employee_id number. I can make a small method getEmpID(request.AUTHENTICATED_USER) and map the logins to the employee_ids, but then I am calling that at least once every page. I could call getEmpID(request.AUTHENTICATED_USER) once when the user logs in and then set it in a cookie or a session variable but I am unsure of the possible security issues in doing that. Or I could start using the zope/NT login as the key in various sales and marketing tables. How about storing a dictionary, as a property field on the local folder, which contains the mapping from AUTHENTICATED_USER to employee id? You would have to update the dictionary whenever you add/delete an employee (simple to do), but it would give you quick access to the employee id numbers. hth Jonathan ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] general design question
--On 23. Juni 2005 12:07:50 -0700 Erik Myllymaki <[EMAIL PROTECTED]> wrote: Just thought I'd *throw it out there* for any input, thanks. Anything other than a secure channel - means SSL - can be regarded as unsafe. It does not matter if you store information in cookies, http headers, URLs or whatever. If you want to make it safe, use SSL. -aj pgp9FZijxlNjh.pgp Description: PGP signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] general design question
I am making a small application for sales and marketing reports in-house. Each user has a unique login/username in zope (via NtUserFolder) and they also have a unique employee_id in exisitng SQL database tables. Each page calls numerous SQL methods almost all of which need to know the employee_id number. I can make a small method getEmpID(request.AUTHENTICATED_USER) and map the logins to the employee_ids, but then I am calling that at least once every page. I could call getEmpID(request.AUTHENTICATED_USER) once when the user logs in and then set it in a cookie or a session variable but I am unsure of the possible security issues in doing that. Or I could start using the zope/NT login as the key in various sales and marketing tables. Just thought I'd *throw it out there* for any input, thanks. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )