David Pratt wrote:
Yes, this is a good approach, however I am concerned about management from locations that may not have a static IP (if the IP changes, then you are hooped). I am also looking for a way that this might not be tied to where someone might be located. I don't know if there is a solution that could involve a rewrite rule to manage and having a specific URL (other than manage) for logging in that is only known to the manager.
I guess the other thing I ought to be considering is another rule to prevent username passwords from being passed in the URL as well. I am sure someone has probably done this as well.

It sounds like you should just be doing everything over https. How much of a problem would this be?

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk