19 Apr
2000
19 Apr
'00
12:48 p.m.
concerning the fact that the "manage" suffix to an address is hardcoded, there's always the possibility for those who run apache in front of zope to write a rewrite rule
That's a hackers solution. 1. Zope should integrate SSL. 2. All protected pages should be delivered only through SSL by default. 3. A fallback to use management and protected pages without SSL should be there, but it has to be enabled by hand. That would eliminiate many risks with little effort for non hackers. Regards, Frank