Lennart Regebro wrote:
Another idea: Maybe I could make an object that does not have public access, and store that in the session?

That seems to work!

Here is the class:

class ProtectedUsername:
    """An object where the username is not accessible from user code."""
    def _setUsername(self, username):
        self.__username = username

    def _getUsername(self):
        return self.__username

Very simple indeed.

It is impossible to define a class that has methods that start with an underscore from user code, and even other usercode classes seem not to be picklable (is that correct?), so even though you can replace the value of SESSION['__ac'], you can't replace it with any usercode object, and definitely not with anything that has a _getUsername() method.
And, as additional security, when I use it I check that it really is a ProtectedUsername object:

    if ob is not None and isinstance(ob, ProtectedUsername):
        username = ob._getUsername()

This *should* mean that, as long as you don't allow usercode to import a ProtectedUsername object, it should be safe. In fact, you can't even figure out what the username is. ;)

It would be great if somebody could try and break this. Hmmm. I should offer an incentive of some sort. I'll buy you a beer (or equivalent) next time you are in Paris, if you succeed ;)

Zope-Dev maillist - [EMAIL PROTECTED]
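
An added illustration, not part of the original post and not Zope's own code: the post's class and isinstance check, next to a simplified AST check that stands in for the restricted-code rule the post relies on (user code may not define or touch underscore-prefixed names). The names underscore_violations and username_from_session and the sample snippets are hypothetical and constructed for this example.

```python
import ast


class ProtectedUsername:
    """Same shape as the class in the post."""
    def _setUsername(self, username):
        self.__username = username  # mangled to _ProtectedUsername__username

    def _getUsername(self):
        return self.__username


def underscore_violations(source):
    """Simplified stand-in for a restricted-code policy (an assumption, not
    Zope's implementation): list every underscore-prefixed name that the
    given user code defines or dereferences."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            found.add(node.attr)
        elif isinstance(node, (ast.FunctionDef, ast.ClassDef)) and node.name.startswith("_"):
            found.add(node.name)
        elif isinstance(node, ast.Name) and node.id.startswith("_"):
            found.add(node.id)
    return sorted(found)


def username_from_session(session):
    """The check from the post: trust the session value only if it is a
    genuine ProtectedUsername instance."""
    ob = session.get("__ac")
    if ob is not None and isinstance(ob, ProtectedUsername):
        return ob._getUsername()
    return None


# Constructed user-code samples.
FORGED_CLASS = "class Fake:\n    def _getUsername(self):\n        return 'admin'\n"
READ_ATTEMPT = "name = SESSION['__ac']._ProtectedUsername__username"
OVERWRITE = "SESSION['__ac'] = 'admin'"

if __name__ == "__main__":
    for sample in (FORGED_CLASS, READ_ATTEMPT, OVERWRITE):
        print(repr(sample), "->", underscore_violations(sample))
    # Overwriting the session key passes the name check but fails isinstance.
    print(username_from_session({"__ac": "admin"}))
```

The overwrite sample is the case the name rule alone does not stop; it is the isinstance check that turns it into "no username" rather than a forged one.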