redundant emergency user checks ?
Bug #908834 reported by Markos Gogoulos
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Zope PAS | Won't Fix | Low | Unassigned | |
Bug Description
Hello all,
As I was doing some debugging on a Plone portal I came into this.
On function _extractUserIds of PluggableAuthSe
What do you think?
Regards,
Markos
The emergency user is still quite valuable, allowing the site owner to
recover from a catastrophic misconfiguration of the root acl_users folder.
The checks you describe are actually not uselessly redundant: each set
of credentials extracted by the configured plugins is tried first against
the emergency user; at the end, there is also a "default default" check
for basic auth / emergency user (even if no normal basic auth plugin is
configured).
Again, this redundancy is there for "in case of emergency break glass"
cases, which would otherwise make configuring the PAS TTW too risky.
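
A simplified model of the two checks described in the reply above, added here as an illustration; it is not PAS's own code, and every name in it (`extract_user_ids`, `is_emergency`, the `EMERGENCY` account) is hypothetical. It assumes the final basic-auth check runs only when no plugin produced a user, and shows why that check still lets the emergency user in when no extraction plugin is configured.

```python
import base64
import hmac

# Constructed emergency account for this sketch (hypothetical values).
EMERGENCY = ("admin", "s3cret-constructed")

def basic_header(login, password):
    """Build a constructed Authorization header for sample requests."""
    token = base64.b64encode(f"{login}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}

def basic_auth_creds(headers):
    """Parse an HTTP Basic Authorization header; return {} if absent or malformed."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return {}
    try:
        decoded = base64.b64decode(blob, validate=True).decode()
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return {}
    login, sep, password = decoded.partition(":")
    return {"login": login, "password": password} if sep else {}

def is_emergency(creds):
    """Constant-time comparison of credentials against the emergency account."""
    pairs = zip((creds.get("login", ""), creds.get("password", "")), EMERGENCY)
    return all([hmac.compare_digest(a.encode(), b.encode()) for a, b in pairs])

def extract_user_ids(headers, extractors, authenticators):
    """Return (user_id, source) pairs for one request."""
    found = []
    for extract in extractors:
        creds = extract(headers)
        if not creds:
            continue
        # Check 1: every extracted credential set is tried against the
        # emergency user before any authentication plugin sees it.
        if is_emergency(creds):
            return [(EMERGENCY[0], "emergency")]
        for authenticate in authenticators:
            user_id = authenticate(creds)
            if user_id:
                found.append((user_id, "plugin"))
    # Check 2: the "default default" basic-auth check, independent of plugins
    # (assumption of this sketch: only reached when nothing else matched).
    if not found and is_emergency(basic_auth_creds(headers)):
        return [(EMERGENCY[0], "emergency")]
    return found
```
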