We are running Zope 2.6.x and I noticed yesterday that I could do the following:

    acl_users = container.acl_users
    user = acl_users.getUser('test_user')
    request.set('AUTHENTICATED_USER',user)
    print request.AUTHENTICATED_USER.getUserName()

This isn't a huge deal since it doesn't seem to change the permissions available to the user. But many of our scripts rely on AUTHENTICATED_USER.getUserName() to return the actual logged in user.

Is this addressed in later versions of Zope? Is there a better way to get the current user's user name? We allow untrusted developers on our Zope server and this may allow them to exploit certain systems.

-Brian

_______________________________________________
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )
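
An audit sketch for the situation described in the post, added here and not part of the original message: it scans script sources for lines that overwrite AUTHENTICATED_USER in the request and for lines that take identity from it. Apart from "spoof_test" (the posted snippet), the script ids and bodies are constructed samples, and the line matching is a regex heuristic.

```python
import re

# Lines that replace the request value: request.set('AUTHENTICATED_USER', x)
# or REQUEST['AUTHENTICATED_USER'] = x (a comparison with == is not a write).
OVERWRITE = re.compile(
    r"""\.set\(\s*['"]AUTHENTICATED_USER['"]\s*,"""
    r"""|\[\s*['"]AUTHENTICATED_USER['"]\s*\]\s*=(?!=)"""
)
MENTION = re.compile(r"\bAUTHENTICATED_USER\b")


def audit(scripts):
    """Return (script_id, line_no, kind, text) for each flagged line.

    kind is 'overwrite' where the request value is replaced and
    'trusts-request' where a script reads the user from the request.
    """
    findings = []
    for script_id in sorted(scripts):
        for line_no, raw in enumerate(scripts[script_id].splitlines(), 1):
            text = raw.strip()
            if not text or text.startswith("#"):
                continue  # heuristic: skip blank lines and whole-line comments
            if OVERWRITE.search(text):
                findings.append((script_id, line_no, "overwrite", text))
            elif MENTION.search(text):
                findings.append((script_id, line_no, "trusts-request", text))
    return findings


# Constructed sample: script id -> source text, as exported from the server.
SAMPLE_SCRIPTS = {
    "spoof_test": "acl_users = container.acl_users\n"
                  "user = acl_users.getUser('test_user')\n"
                  "request.set('AUTHENTICATED_USER',user)\n"
                  "print request.AUTHENTICATED_USER.getUserName()\n",
    "log_action": "# record who did it\n"
                  "name = context.REQUEST.AUTHENTICATED_USER.getUserName()\n",
    # Reads the user from AccessControl's security manager, not the request.
    "safe_lookup": "from AccessControl import getSecurityManager\n"
                   "name = getSecurityManager().getUser().getUserName()\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCRIPTS):
        print("%s:%d [%s] %s" % finding)
```
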