Hello. We are in the process of setting up a Zope site - some of which requires SSL some does not. So, do I need two Zope servers or can I avoid this somehow? My first thought was to put all the SSL content in a folder and have all the DTML methods check the REQUEST['SERVER_PORT'] and makes sure it's 443. I don't really know how safe that is as I don't know where SERVER_PORT comes from - the client or the server? Anyways, I can't do that for ZSQL methods or images so that won't work regardless. So what are my other options? I was thinking of maybe an SSLFolder product that won't allow any content to be viewed unless it's coming in on a given (default 443) port (or maybe some other means of checking for SSL) Or adding a "Viewable without SSL" permission - but I really don't know what either of those would entail. Any suggestions are greatly appreciated. Especially on a simpler way to solve the problem without two Zope servers installed. ^Roman