On Mon, 12 Apr 2004, Chris Withers wrote:

> For me, that's worth patching for, it's up to you if you want to include
> it in an offical CookieCrumbler release or not ;-)

Making cookie authentication secure is surprisingly difficult, and you've
barely taken one step.  I don't want CookieCrumbler to go in this
direction at all.  A much more fruitful endeavor would be to simply add
digest authentication support to Zope's user folders.  See the middle of
this page for a fairly clear explanation:

http://frontier.userland.com/stories/storyReader$2159

Shane

_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to