[Web-SIG] Communicating authenticated user information
jim at zope.com
Sun Jan 22 19:30:59 CET 2006
Phillip J. Eby wrote:
> At 05:45 PM 1/22/2006 +0000, Alan Kennedy wrote:
>>I agree about not sending this information back to the user: it's
>>unnecessary and potentially dangerous.
> Yep, it would be really dangerous to let me know who I just logged in to an
> application as. I might find out who I really am! ;)
The point is that there's really no reason to send this to the client.
It is certainly conceivable that some app could consider this
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Web-SIG