On Mon, 12 Apr 2004, Chris Withers wrote:
> I think the attached patch (against CookieCrumbler 1.1) makes
> CookieCrumbler a little more secure.

Your patch won't work with multiple ZEO app servers. It appears to store the tokens in a module global. Do not apply it.

> PS: To make cookie auth properly secure, you really need to be working
> over SSL only

I agree--SSL is required. Let's not give people a false sense of security by changing CookieCrumbler.

Shane
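The objection in the reply above, as an added example that is not part of the original message or of the patch it discusses: a hypothetical token module (constructed here; the names `issue`, `check` and `_tokens` are assumptions) is loaded once per simulated app server, the way each ZEO client process loads its own copy. A token issued by one process is unknown to the others and does not survive a restart.

```python
"""Added illustration: a module-global token store with several app servers.
Hypothetical model; the patch discussed in the thread is not reproduced here."""
import types

# Constructed stand-in for a module that keeps issued tokens in a module global.
TOKEN_MODULE_SOURCE = '''
import secrets
_tokens = {}   # module global: exists only in this interpreter's memory

def issue(user):
    token = secrets.token_hex(16)
    _tokens[token] = user
    return token

def check(token):
    return _tokens.get(token)
'''


def start_app_server(name):
    """Load a private copy of the module, as each app server process would."""
    module = types.ModuleType(name)
    exec(TOKEN_MODULE_SOURCE, module.__dict__)
    return module


def simulate(server_count, requests):
    """Log in on server 0, then spread follow-up requests round-robin.

    Returns the user resolved for each follow-up request; None means the
    server that received the request did not recognise the token.
    """
    servers = [start_app_server(f"app{i}") for i in range(server_count)]
    token = servers[0].issue("alice")
    return [servers[i % server_count].check(token) for i in range(requests)]


def restart_loses_tokens():
    """A restarted process reloads the module, so earlier tokens are gone."""
    before = start_app_server("app0")
    token = before.issue("alice")
    after = start_app_server("app0")  # the same server after a restart
    return after.check(token)


if __name__ == "__main__":
    print(simulate(1, 4))          # single process: every request resolves
    print(simulate(3, 6))          # three processes: only server 0 knows it
    print(restart_loses_tokens())  # token is lost across a restart
```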