[Web-SIG] Communicating authenticated user information

Jim Fulton jim at zope.com
Sun Jan 22 19:30:59 CET 2006

Phillip J. Eby wrote:
> At 05:45 PM 1/22/2006 +0000, Alan Kennedy wrote:
>>I agree about not sending this information back to the user: it's
>>unnecessary and potentially dangerous.
> Yep, it would be really dangerous to let me know who I just logged in to an 
> application as.  I might find out who I really am! ;)

The point is that there's really no reason to send this to the client.
It is certainly conceivable that some app could consider this
information sensitive.


Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org
