6 Jun 2001, 8:07 p.m.
On Wed, 6 Jun 2001, Steve Drees wrote:
Of course it would not help against a prying administrator. It's plain simple to sniff the passwords from HTTP traffic.
And that's why you shouldn't allow access to the management interface via HTTP. (I just wonder why there is a *separate* ZServer with SSL
This is not of much help. A prying admin who already has access to the filesystem will just hack Zope and get passwords mailed to him, SSL or no SSL - right from Zope.
If you can't trust your admin, get another admin.
If you trust your admin - why do you need to encrypt Zope passwords?

Oleg.
----
Oleg Broytmann http://www.zope.org/Members/phd/ phd@phd.pp.ru
Programmers don't die, they just GOSUB without RETURN.