On Tue, Jun 06, 2000 at 04:03:50PM -0600, Bill Anderson wrote:
> Cool. I tried the ZClass route (less restarts ;) gave it Fname,Lname,and
> zpasswd as fields. (ISTR something about the password needing to be a
> field)

Running the risk of repeating myself:

if the password is a ZClass property, any DTML method can read
any user's password. It's ok if you don't plan to allow users
to edit DTML (recommended), but anyway it's a hole I don't want
to leave open in my site because I know I will forget it later.

          Hack and Roll  ( http://www.hackandroll.org )
            News for, uh, whatever it is that we are.

http://zope.gf.com.br/lalo           mailto:[EMAIL PROTECTED]
         pgp key: http://zope.gf.com.br/lalo/pessoal/pgp

Brazil of Darkness (RPG)    ---     http://zope.gf.com.br/BroDar

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to