I like the idea of adding cookie auth to the API. The user product choices
are convoluted and I think the community would benefit from adding standard
capability to the core.
Adding to that...
my priority would be to extend acl_users folder to allow for built-in
storage of additional user properties beyond username/password.
Yes, there are user products that do this to a point, but an API that allows
you to simply do it in ZODB would be ideal.
Maybe someone more familiar could determine a "best of" integration that
addresses acl_users folder extensibility and security to add this to Z2.6.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
> Of Dario Lopez-Kästen
> Sent: Tuesday, March 05, 2002 3:09 PM
> To: [EMAIL PROTECTED]
> Subject: [Zope-dev] Cookie Crumbler and similar products (Re: Zope 2.6
> project updated)
> From: "Matt Behrens" <[EMAIL PROTECTED]>
> > Christian Theune wrote:
> > > Well I saw the cookie crumbler wish has been added to the
> list already,
> > > and (as i tested it out this moment) don't see what exactly needs to
> > > be done than adding it by default to the root userfolder.
> > > Well, probably some facelifting to the default login, thats not
> > > urgent in any way but if wished i would do that.
> > Well, as far as "least-intrusive", CC loses some points by not being
> > compatible with some of the user folders that do their own cookie auth,
> > although that's arguably not CC's fault.
> Which makes me think of another point. I haven't used Zope 2.5.1
> yet, but I
> understand from some of the traffic on the mailinglists that some have
> wanted to disable the session tracking/session management beause it
> interferes with the solutions they allready use for session tracking.
> And now there is a possible inclusion of another product (CC) that might
> conflict with other products' cookie functionality.
> Instead of locking up users with a particular implementation of a solution
> to a general problem, why not present an API for a) session management and
> b) cookie management, and then present default products that use
> these API's
> to provide solutions? This way it will not be hard to replace both session
> management and cookie management with other products.
> Any one else think that this might be a worthwhile idea? If so, I
> can offer
> time and effort and my limited knowledge of zope to make this possible.
> Zope-Dev maillist - [EMAIL PROTECTED]
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope )
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -