Am 09.02.2014 23:10, schrieb Jon Grange: > Hello all > Returning to a zope 2 web application I built 5 or 6 years ago that now > needs some updating. Is cookie crumbler over SSL still a good and proper > way to secure a public facing website?
if I remember right CC used the Basic access auth string (base64 encoded login/password) as content for its auth-cookie, which is clearly not a nice practice. however, this could easily be changed to some sort of session key... Regards, Frank > > > _______________________________________________ > Zope maillist - Zope@zope.org > https://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > https://mail.zope.org/mailman/listinfo/zope-announce > https://mail.zope.org/mailman/listinfo/zope-dev ) > _______________________________________________ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )