On Sat, Jun 03, 2000 at 12:38:20AM -0500, Phillip J. Eby wrote:
> >
> >I tried. It's quite easy, except that you have to store the
> >user's password in a property, and access control is somewhat
> >broken WRT passwords, so anyone can read anyone's passwords if
> >they can write DTML.
> 
> Did you try naming the password attribute with an "_" at the beginning of
> it?  This should make it inaccessible from DTML, but it's a bit more work
> since you have to write Python to do it.

Actually, if I'm willing to go to Python (which I am, just
waiting for 2.2 so I don't have to do it twice) there are
simpler ways to do it, and you (IIRC) have already showed me
some :-) The point is that by his question I thought Bill
wanted a ZODB/ZClass-only solution - and I'd prefer it too if
it was possible at all.

[]s,
                                               |alo
                                               +----
--
          Hack and Roll  ( http://www.hackandroll.org )
            News for, uh, whatever it is that we are.


http://zope.gf.com.br/lalo           mailto:[EMAIL PROTECTED]
         pgp key: http://zope.gf.com.br/lalo/pessoal/pgp

Brazil of Darkness (RPG)    ---     http://zope.gf.com.br/BroDar

_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to