Mailing List Archive

On 02/02/2012 10:46 AM, Hugo Ramos wrote:
> I need to reuse a web application I developed around 2005/2006. This
> App was using CookieCrumbler as it's only authentication method but it
> seems that after zope 2.11.x the product is broken as it has a few
> imports from deprecated classes.
>
> Anyone knows about CookieCrumbler versions above 1.2 or some other
> replacement for this product?

Zope's pluggable authentication service replaces it.

Shane
_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )

What is the main advantage of PAS over cookie crumbler over SSL out of interest?
Cheers
Rich


On 2 Feb 2012, at 21:57, Shane Hathaway <shane@hathawaymix.org> wrote:

> On 02/02/2012 10:46 AM, Hugo Ramos wrote:
>> I need to reuse a web application I developed around 2005/2006. This
>> App was using CookieCrumbler as it's only authentication method but it
>> seems that after zope 2.11.x the product is broken as it has a few
>> imports from deprecated classes.
>>
>> Anyone knows about CookieCrumbler versions above 1.2 or some other
>> replacement for this product?
>
> Zope's pluggable authentication service replaces it.
>
> Shane
> _______________________________________________
> Zope maillist - Zope@zope.org
> https://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> https://mail.zope.org/mailman/listinfo/zope-announce
> https://mail.zope.org/mailman/listinfo/zope-dev )
_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )

On 02/02/2012 22:57, Richard Harley wrote:
> What is the main advantage of PAS over cookie crumbler over SSL out of interest?

It's even more complicated and maintained just as little ;-)

Chris

--
Simplistix - Content Management, Batch Processing & Python Consulting
- http://www.simplistix.co.uk
_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )

Standalone CookieCrumbler is not generating http-only cookies. With PAS you can handle stuff like password strength and renewal strategies or account locking in a pluggable way. Read docs on pypi and
http://plone.org/documentation/kb/securing-plone

--- Ursprüngl. Mitteilung ---
Von:Richard Harley
Gesend.: 02.02.2012, 23:57
An: Shane Hathaway
Cc: zope@zope.org
Betreff:Re: [Zope] CookieCrumbler, any new versions or replacement?


What is the main advantage of PAS over cookie crumbler over SSL out of interest?
Cheers
Rich


On 2 Feb 2012, at 21:57, Shane Hathaway <shane@hathawaymix.org> wrote:

> On 02/02/2012 10:46 AM, Hugo Ramos wrote:
>> I need to reuse a web application I developed around 2005/2006. This
>> App was using CookieCrumbler as it's only authentication method but it
>> seems that after zope 2.11.x the product is broken as it has a few
>> imports from deprecated classes.
>>
>> Anyone knows about CookieCrumbler versions above 1.2 or some other
>> replacement for this product?
>
> Zope's pluggable authentication service replaces it.
>
> Shane
> _______________________________________________
> Zope maillist - Zope@zope.org
> https://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> https://mail.zope.org/mailman/listinfo/zope-announce
> https://mail.zope.org/mailman/listinfo/zope-dev )
_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )
_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/02/2012 05:57 PM, Richard Harley wrote:
> What is the main advantage of PAS over cookie crumbler over SSL out of
> interest?

It is maintained.


Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver@palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8sL0kACgkQ+gerLs4ltQ7oaACePzmMncK4CUqU8NBQZ+nSDI0V
xAkAoJMfEx1Ml8sWMZVBoydlZhyDNMo9
=tZLQ
-----END PGP SIGNATURE-----

_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/03/2012 01:20 PM, Chris Withers wrote:
> On 02/02/2012 22:57, Richard Harley wrote:
>> What is the main advantage of PAS over cookie crumbler over SSL out
>> of interest?
>
> It's even more complicated and maintained just as little ;-)

I'll grant the complicated, as PAS is a framework which makes pretty much
evey part of the authentication process pluggable. However, the most
recent release of PAS was four days ago, which hardly makes for
"unmaintained."


Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver@palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8sM2wACgkQ+gerLs4ltQ5rYgCg16faE9eZLEWe3pkketjFoIDw
xaYAn2GmDwCQGWkchVAsjMatdlWqdI0N
=82fX
-----END PGP SIGNATURE-----

_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )

On 03/02/2012 19:20, Tres Seaver wrote:
>>> What is the main advantage of PAS over cookie crumbler over SSL out
>>> of interest?
>>
>> It's even more complicated and maintained just as little ;-)
>
> I'll grant the complicated, as PAS is a framework which makes pretty much
> evey part of the authentication process pluggable. However, the most
> recent release of PAS was four days ago, which hardly makes for
> "unmaintained."

I'm still all about Products.SimpleUserFolder coupled with
CookieCrumbler, never had any bug reports ;-)

Chris

--
Simplistix - Content Management, Batch Processing & Python Consulting
- http://www.simplistix.co.uk
_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )