On Sat, 31 Jul 1999, zope wrote:
While ZOPE with Apache-SSL is certainly possible , I personally would prefer a more tightly coupled structure than the lightweight server to server protocols provide(such as the certificate if available of the client That's not really a good idea. Exporting software with Cryptohooks is illegal in the US, so at least part of the Zope development had to move out of the US.
For most ecommerce solutions one doesn't need the tight coupled structure, as your users most probably don't supply client side certificates, etc. But if you do need this specialised capability, it's probably still a better idea to: -) transfer the information from Apache via the environment, in the worst case by using a special Apache mod, written just for this case. -) provide a special user folder class, that deals with the client certificate data to create the traditional ZOPE role based user model.
If encryption and X609v3 are available then zope becomes a FAR more Well, the problem here are: 1.) patents. As especially the US grants patents for software, ZOPE could become restricted by patents. Remember that ZOPE is developed in the US. 2.) US export regulations. (and other stupid crypto regulations, it's not just an US problem, but it's less of a problem in liberal countries.)
interesting possibility for ecommerce. And besides its on the TODO list for the Zserver... Pyhon SSL modules ARE available in source... Where are these available? the question is where and how...(and preferably offshore i.e. NON US developement).
Andreas -- Andreas Kostyrka | andreas@mtg.co.at phone: +43/1/7070750 | phone: +43/676/4091256 MTG Handelsges.m.b.H. | fax: +43/1/7065299 Raiffeisenstr. 16/9 | 2320 Zwoelfaxing AUSTRIA