Tino Wildenhain wrote:
michael nt milne schrieb:
Yes I agree, having checked on basic http authentication I need SSL. Basic http and cookie auth is insecure. I just feel that zope should have this facility even with a self signed certificate, so that you could do it without Apache and had more options. The option to even just have it on for site logon would be good.
Yes you can do that. There are patches to use SSL directly w/ the ZServer. But usually its by far not worth the trouble. Apache or pound as frontend proxy are easy to setup and ease management and load balancing. _
Tino + 1 And heres a link to info re: ZopeSSL setup: http://www.zope.org/Members/Ioan/ZopeSSL I moved to Apache (for SSL) because its independent of Zope and it will give you SSL and the power of a world class server when you need it. ZopeSSL worked fine (when i last tried it, like zope 2.4x). David