-----Original Message-----
From: Joseph Thomas (s)
Sent: Wednesday, March 04, 2009 10:50 AM
To: 'lists@zopyx.com'
Subject: RE: [Zope] sending a encrypted login URL

I think I get what you're suggesting, but let me clarify. I actually wanted the sensitive portions of the URL to be encrypted, because it will be a link on a page that says "login to zope", but I wouldn't want the user or a snooper to be able to view the page source and figure out the URL pattern and the username/password.

SSL will ensure that the transport between the browser and the zope server will be encrypted using PKI, but I really want to obfuscate the user name and password parameters in the login URL, so that if someone were to view the source they'd see garbled username/password parameters.

I suppose I could use the PKI to encrypt the username/password with my zope server's public key (but is there an API to do this on a J2EE container) and then have my zope server decrypt using its private key (but how would zope know that the username/password parameters are to be treated as encrypted data)?

-----Original Message-----
From: Andreas Jung [mailto:lists@zopyx.com]
Sent: Wednesday, March 04, 2009 10:38 AM
To: Joseph Thomas (s)
Cc: zope@zope.org
Subject: Re: [Zope] sending a encrypted login URL

Use SSL and you're done.

-aj

On 04.03.2009 17:29, Joseph Thomas (s) wrote:
We'd like to construct a zope login URL of the form on another server:
http://zope.domain:port/context/logged_in?__ac_name=uzzzzzz&__ac_password=xxxxxxx&submit=Log+in
where the ac_name and ac_password parameters are encrypted using zope public key (?) and have the parameters decrypted when zope receives the request and log in the user.
Is there an API or some way to encrypt the username and password on the 3rd party app server and configure zope so that it treats the parameters as encrypted values rather than plaintext?
Joseph Thomas
College of American Pathologists
http://www.cap.org
--
ZOPYX Ltd. & Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany
Web: www.zopyx.com - Email: info@zopyx.com - Phone +49 - 7071 - 793376
Register court: Amtsgericht Stuttgart, commercial register A 381535
Managing director/partner: ZOPYX Limited, Birmingham, UK
E-Publishing, Python, Zope & Plone development, Consulting
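
An added example, not part of the thread and not Zope's own code: a link that sits in page source can be copied by anyone who views it, so a fixed ciphertext of the username/password would work exactly like the plaintext credentials. The sketch below swaps the public-key idea from the question for a different technique, an HMAC-signed ticket that expires and can be used once, so the link carries no password at all. The shared key, the parameter names `user`/`ts`/`nonce`/`sig`, the host `zope.example` and the verification hook on the Zope side are all assumptions; the link is still expected to be served over SSL.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

SHARED_KEY = b"constructed-demo-key"  # assumption: secret known to the portal and to Zope
MAX_AGE = 60                          # seconds a generated link stays valid
_seen_nonces = set()                  # replay cache; in-memory only for this demo


def _sign(payload: str) -> str:
    return hmac.new(SHARED_KEY, payload.encode(), hashlib.sha256).hexdigest()


def make_login_url(base, username, now=None):
    """Portal side: build a login link that carries a signed ticket, not a password."""
    ts = int(time.time() if now is None else now)
    # urlencode escapes '&' and '=', so the signed payload is unambiguous.
    payload = urlencode([("user", username), ("ts", ts),
                         ("nonce", secrets.token_urlsafe(16))])
    return f"{base}?{payload}&sig={_sign(payload)}"


def verify_login_url(url, now=None):
    """Receiving side (hypothetical hook): return the username, or None if rejected."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    try:
        user, ts, nonce, sig = q["user"], q["ts"], q["nonce"], q["sig"]
        age = (time.time() if now is None else now) - int(ts)
    except (KeyError, ValueError):
        return None                   # missing or malformed field
    payload = urlencode([("user", user), ("ts", ts), ("nonce", nonce)])
    if not hmac.compare_digest(_sign(payload).encode(), sig.encode()):
        return None                   # tampered, or signed with another key
    if not 0 <= age <= MAX_AGE:
        return None                   # expired, or timestamp in the future
    if nonce in _seen_nonces:
        return None                   # link already used once
    _seen_nonces.add(nonce)
    return user
```
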