[OTDev] AA: the anonymous user
Micha Rautenberg mr at mrautenberg.deSun Jun 20 13:44:55 CEST 2010
- Previous message: [OTDev] AA: the anonymous user
- Next message: [OTDev] AA: who handles the authentication
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear All, I created the users guest - with password guest and anonymous - with password anonymous for our testings. Both user are not able to login into the plone system! They should not be able to change passwords anyway. I choose the guestuser-version with the non empty password, for not having to change the LDAP configuration, which disallows empty passwords by default and by reason. best greets, Micha Tobias Girschick schrieb: > Hi Luchesar, All, > > On Thu, 2010-06-17 at 18:34 +0300, Luchesar V. ILIEV wrote: > >> Folks, >> >> I'd like to gradually start discussion on several points that seems to >> be needing specific attention. Let's start with the anonymous or guest >> user. >> > Good point. > > >> 1. Let's decide on the exact username: "anonymous" or "guest". I have >> slight preference for the first one, because "guest" somehow implies >> more restricted access -- however, that user is supposed to access ALL >> public data, not, for instance, only some "demo" excerpts. >> > > I also prefer anonymous. > > >> 2. What about the password? Should it be just "blank" one? Or >> something like "opentox". Or even user's e-mail address, FTP-style >> (however, this one might be difficult to implement, as it is unlikely >> to be supported by OpenSSO/Plone)? >> > > I think in the IT world anonymous + blank is pretty common. > > Cheers > Tobias > > >> 3. Once the exact username and password are decided, it might make >> sense to finally enter the user into Plone's database, so that we can >> start testing. >> >> 4. Let's not forget that at some point of time we should create >> policies for ALL existing public resources that grant "read" (GET, but >> sometimes also POST) access for that user. >> >> 5. If any type of quotas are implemented, even if with the intention >> to just protect a service from being overloaded, obviously the >> "anonymous" or "guest" user would need special treatment. >> >> Cheers, >> Luchesar >> _______________________________________________ >> Development mailing list >> Development at opentox.org >> http://www.opentox.org/mailman/listinfo/development >> > >
- Previous message: [OTDev] AA: the anonymous user
- Next message: [OTDev] AA: who handles the authentication
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Development mailing list