At 10:45 PM 6/2/00 -0300, Lalo Martins wrote:
>On Fri, Jun 02, 2000 at 07:29:18PM -0600, Bill Anderson wrote:
>> Has anyone out there actually started _using_ LoginManager with ZODB
>> storage? IOW, one that is not dependent on LDAP/SQL/etc., but that is
>> functioning in place of a non-PTK acl_users folder?
>
>I tried. It's quite easy, except that you have to store the
>user's password in a property, and access control is somewhat
>broken WRT passwords, so anyone can read anyone's passwords if
>they can write DTML.

Did you try naming the password attribute with an "_" at the beginning of
it? This should make it inaccessible from DTML, but it's a bit more work
since you have to write Python to do it.

If I recall correctly, Ty once made up a test version of a
PersistentUserSource that worked this way, and the standard Zope user
objects use an attribute named "__" for this.
_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
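
A simplified model of the underscore rule discussed in this thread, added here as an illustration; it is not Zope or LoginManager code. The names `guarded_getattr`, `PropertyUser`, `PrivateUser` and `template_can_read` are hypothetical, and the guard only approximates the template-side check by refusing any name that starts with "_".

```python
import hmac


class Unauthorized(Exception):
    """Raised when template-level code asks for a protected name."""


def guarded_getattr(obj, name):
    # Stand-in for the check applied to template (DTML-style) lookups:
    # names starting with "_" are refused before the attribute is fetched.
    if name.startswith("_"):
        raise Unauthorized(name)
    return getattr(obj, name)


class PropertyUser:
    """Password kept in an ordinary property, readable by template code."""

    def __init__(self, login, password):
        self.login = login
        self.password = password


class PrivateUser:
    """Password kept in an underscore-prefixed attribute."""

    def __init__(self, login, password):
        self.login = login
        self._password = password

    def authenticate(self, candidate):
        # Only Python code inside the class touches _password; this is
        # the extra Python the reply says has to be written.
        return hmac.compare_digest(self._password.encode(), candidate.encode())


def template_can_read(obj, name):
    """Return True if a guarded (template-level) lookup of name succeeds."""
    try:
        guarded_getattr(obj, name)
        return True
    except (Unauthorized, AttributeError):
        return False


if __name__ == "__main__":
    # Constructed sample users, not data from the thread.
    weak = PropertyUser("alice", "sample-secret")
    safe = PrivateUser("alice", "sample-secret")
    print(template_can_read(weak, "password"), template_can_read(safe, "_password"))
    print(safe.authenticate("sample-secret"))
```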