Hi All -

Been lurking on the list for a while, first post.

My question is this: I'd like to have some sort of protection for the 'top' level accounts that could really munge up the site (we're using Plone over Zope) if somebody got ahold of them. I know the passwords are stored encrypted, but for all I've been able to find, they're still transmitted in plain text, correct?

So, we had two ideas:

First, is it possible to limit access of certain accounts based on an IP address? We should only ever be logging in as admins from our internal machines, so any external non-us IP would be automatically rejected.

Second, we had thought about setting up Zope & Apache to use SSL, but that seemed like a bit of overkill for a relatively simple desire.

Should I just go the SSL route, or is there a more obvious solution we're overlooking to protecting our more privileged accounts?

Thanks,
-Jake