On Mon, 12 Apr 2004, Chris Withers wrote:

> For me, that's worth patching for, it's up to you if you want to include
> it in an offical CookieCrumbler release or not ;-)

Making cookie authentication secure is surprisingly difficult, and you've
barely taken one step.  I don't want CookieCrumbler to go in this
direction at all.  A much more fruitful endeavor would be to simply add
digest authentication support to Zope's user folders.  See the middle of
this page for a fairly clear explanation:



Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to