Midn you this is not in Zope yet, I am working o making it so Here's how I do it in PLSQL: Two steps: 1) the form action element calls the login method using https:// <form method="post" action="https://...../mts2.login"> This is not necessary however, you could still use <form method="post" action="mts2.login"> becuase 2) The login method checks to see if it is called from a valid port. This is the first statement in the method (or procedure as it is called in plsql-ish): ----- Original Message ----- From: "Bill Welch" <bill@carbonecho.com> To: <zope@zope.org> Sent: Thursday, March 22, 2001 8:16 PM Subject: Re: [Zope] Zope security management
Please share with us how you make sure that the login form can only be used over SSL.
Bill.
On Wed, 21 Mar 2001, Dario Lopez-Kästen wrote:
After we have established an SSL-connection, we use a forms based login procedure, that sends, in cleartext but over an encrypted ssl-connection, the username and password. We also make sure that the login form can only be used over SSL.
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )