-----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of T.J. Mannos Sent: Wednesday, June 21, 2000 9:42 AM To: IPM Return requested Receipt notification requested Subject: RE: [Zope] ZServer+SiteAccess+Apache+SSL
I got Apache+mod_ssl+OpenSSL working, and I just threw it into the mix. I have two virtual hosts, one HTTP on port 80 and one SSL on port 443. Both do nothing but ProxyPass to the same http:// address on port 9080. I don't know if I like that solution, though.
This solution "looks" secure, but I'm not so sure. It's a secure connection between the client and the server, and, since Zope and Apache are on the same machine, there's no insecure communication over our LAN. However, if I happen to have a hacker running a packet sniffer on my server, I'm screwed.
If you have a hacker running a sniffer on your server you are screwed regardless of your system configuration.