On 4/19/07, Wichert Akkerman <[EMAIL PROTECTED]> wrote:
> The emergency user handling in PAS is very robust; I do not see how even
> a completely broken user folder at a higher level can break that.

If the higher level user folder uses cookie authentication for
example, and the emergency user exists on the root user folder. Since
credentials are extracted in the higher level user folder and not
passed on to the root user folder, the root user folder never gets a
chance to authenticate the emergency user.

> The main problem for Plone (and other frameworks/applications) is that
> if the root user folder is not a PAS you can get user objects which do
> not implement the IPropertiedUser interface, which may break your

That's not as big of a problem as not being able to log in, right?

> > I haven't
> > seen any good justification of *why* that's a lame idea so far. 'It's
> > lame because I said it is' doesn't cut it for me.

> It's an unneeded change to a critical object. If you can get away with
> not doing that you remove a possible risk of breakage.

I could argue against 'unneeded'. As for possible risk of breakage,
it's as risky as using PAS for a non-root user folder. Since, as you
mentioned, emergency user should work fine, I don't see any risk,

If PAS is prone to breakage it should be made robust, period. It's a
matter of 'do we trust our own software or not'.

The impression I get from being on this list is 'oh you can use it,
but there are no guarantees', 'if it breaks don't come complain to us,
is not our fault'. Maybe it would be better *not* to recommend PAS at

Sidnei da Silva
Enfold Systems                http://enfoldsystems.com
Fax +1 832 201 8856     Office +1 713 942 2377 Ext 214
Zope-PAS mailing list