Tino Wildenhain wrote:

michael nt milne schrieb:

Yes I agree, having checked on basic http authentication I need SSL.
Basic http and cookie auth is insecure. I just feel that zope should
have this facility even with a self signed certificate, so that you
could do it without Apache and had more options. The option to even
just have it on for site logon would be good.


Yes you can do that. There are patches to use SSL directly w/ the
ZServer. But usually its by far not worth the trouble. Apache or
pound as frontend proxy are easy to setup and ease management
and load balancing.
_

Tino + 1

And heres a link to info re: ZopeSSL setup:

http://www.zope.org/Members/Ioan/ZopeSSL

I moved to Apache (for SSL) because its independent of Zope and it will give you SSL and the power of a world class server when you need it. ZopeSSL worked fine (when i last tried it, like zope 2.4x).

David