Robert OConnor wrote:
How does ZOPE integrate with an "SSL" secure server such as
Red Hat Secure Web Server 2.0 http://www.redhat.com/product.phtml/WB2000
I have some understanding of the security offered on the server but what about security between the browser and the server?
Can (and how can) SSL be integrated into the ZOPE login?
If you use client certificates, then you can get the SSL authenticated user from CGI variables. If you use just username/passwd then there should be no difference between HTTP and HTTPS in CGIs.
I understand that SSL servers are slowed down but only ID/Passwords need be SSL and after that, during the session, SSL security doesn't have to be used.
HTTPS uses SSL for the whole session. If you want just your login to be encrypted you should use challenge/response authentication. I'm not sure which browsers (except MS ones) use this. It should not be too hard to add this to ZopeServer if browser support exists.

-----------------
Hannu
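
The CGI-variable lookup described in the reply above, as an added example that is not part of the original thread and is not Zope code. It assumes the variable names Apache mod_ssl exports with `SSLOptions +StdEnvVars` (`HTTPS`, `SSL_CLIENT_VERIFY`, `SSL_CLIENT_S_DN_CN`, `SSL_CLIENT_S_DN`) plus the standard CGI `REMOTE_USER`; other servers may use different names, and the function names and sample environments are constructed for illustration.

```python
"""Resolve the authenticated user of a CGI request from server-set variables."""
import os


def authenticated_user(environ=None):
    """Return (user, method, encrypted); method is "client-cert", "password" or None."""
    env = os.environ if environ is None else environ
    encrypted = env.get("HTTPS", "").lower() == "on"

    # Trust the certificate subject only when the server reports a verified
    # chain; "NONE", "GENEROUS" and "FAILED:..." do not identify anyone.
    if encrypted and env.get("SSL_CLIENT_VERIFY") == "SUCCESS":
        user = env.get("SSL_CLIENT_S_DN_CN") or env.get("SSL_CLIENT_S_DN")
        if user:
            return user, "client-cert", encrypted

    # Username/password logins look identical over HTTP and HTTPS:
    # the server sets REMOTE_USER either way.
    user = env.get("REMOTE_USER")
    if user:
        return user, "password", encrypted
    return None, None, encrypted


def login_allowed(environ=None):
    """Policy check: accept a login only when it arrived over SSL."""
    user, _method, encrypted = authenticated_user(environ)
    return user is not None and encrypted


# Constructed sample environments (not captured from a real server).
CERT_REQUEST = {"HTTPS": "on", "SSL_CLIENT_VERIFY": "SUCCESS",
                "SSL_CLIENT_S_DN_CN": "Example User",
                "SSL_CLIENT_S_DN": "/C=XX/O=Example/CN=Example User"}
PASSWORD_HTTPS = {"HTTPS": "on", "SSL_CLIENT_VERIFY": "NONE",
                  "REMOTE_USER": "example", "AUTH_TYPE": "Basic"}
PASSWORD_HTTP = {"REMOTE_USER": "example", "AUTH_TYPE": "Basic"}
UNVERIFIED_CERT = {"HTTPS": "on", "SSL_CLIENT_VERIFY": "FAILED:constructed",
                   "SSL_CLIENT_S_DN_CN": "Example User"}

if __name__ == "__main__":
    for name in ("CERT_REQUEST", "PASSWORD_HTTPS", "PASSWORD_HTTP", "UNVERIFIED_CERT"):
        env = globals()[name]
        print(name, authenticated_user(env), "allowed:", login_allowed(env))
```

Because the password case yields the same `REMOTE_USER` with or without SSL, the application has to check `HTTPS` itself if it wants to refuse credentials sent in the clear.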