20 Apr
2000
20 Apr
'00
12:08 p.m.
Hi, srl wrote:
Now, the fact that we can add /manage to any URL to edit the data seems like a potential security hole. all it would take to crack a Zope password would be running a password guesser with user 'superuser'. Or am I missing something here?
I nice way is to disable all /manage - URLs for all hosts then localhost. Then use port-forwarding over ssh for editing the pages. This is like ssl for the poors :-) Regards Tino Wildenhain