On Mon, 12 Apr 2004, Chris Withers wrote:
> I think the attached patch (against CookieCrumbler 1.1) makes
> CookieCrumbler a little more secure.

Your patch won't work with multiple ZEO app servers. It appears to store
the tokens in a module global. Do not apply it.

> PS: To make cookie auth properly secure, you really need to be working
> over SSL only

I agree--SSL is required. Let's not give people a false
sense of security by changing CookieCrumbler.

Zope-Dev maillist - [EMAIL PROTECTED]