Am 09.02.2014 23:10, schrieb Jon Grange:
> Hello all
> Returning to a zope 2 web application I built 5 or 6 years ago that now
> needs some updating. Is cookie crumbler over SSL still a good and proper
> way to secure a public facing website?


if I remember right CC used the Basic access auth string (base64 encoded
login/password) as content for its auth-cookie, which is clearly not a
nice practice. however, this could easily be changed to some sort of
session key...

Regards, Frank


> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> https://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  https://mail.zope.org/mailman/listinfo/zope-announce
>  https://mail.zope.org/mailman/listinfo/zope-dev )
> 

_______________________________________________
Zope maillist  -  Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to