Re: [Zope-dev] encrypted _ac_name & _ac_password

2004-12-30 Thread Jens Vagelpohl
The easiest way to solve that is to let the cookie be only a random ticket. That way the username and password are only sent when actually logging in. This gives as much security as your solution, but it's easier to implement. PluggableUserFolder does, and I think PAS does it too (or at least it

Re: [Zope-dev] encrypted _ac_name & _ac_password

2004-12-30 Thread Lennart Regebro
Declan Shanaghy wrote:
> I was wondering if my solution to the problem outlined below would be a useful inclusion into the main CMF code tree?

Well, CookieCrumbler *should* be on a downhill path anyway, with PluggableAuthService (PAS) coming strong now, so I would suggest that moving to PAS wou

[Zope-dev] encrypted _ac_name & _ac_password

2004-12-26 Thread Declan Shanaghy
I was wondering if my solution to the problem outlined below would be a useful inclusion into the main CMF code tree? I solved this by encrypting the __ac_name and __ac_password values in the URL and then hacked CookieCrumbler.py to decrypt them before it sets the cookie. The general idea is th