Alexander Limi wrote:
Just a quick question:
Yes of course. :-)
When you log on as a user in a Zope, is it possible to authenticate users via a secure connection easily? (via SSL, aka. https).
Of course, you can run Zope behind Apache-SSL, Netscape, etc. We have several customers doing this. Then you might just write a small rule that prohibits: .*/manage for non-secure connections.
I find it a bit discomforting when people can monitor the network and sniff the passwords used to access the folders of my users. (I know the superuser password is relatively safe because of the IP-check, but ideally this should also be SSL encrypted.
Alas, the world is still *very* antiquated for identification and authorization on the web. We can't even get uniform digest auth :/ The only real advantage would be to go to Client Certs, and we could talk some about this. Chris