6 Jun
2001
6 Jun
'01
7:47 p.m.
On Wed, 6 Jun 2001, Ragnar Beer wrote:
Of course it would not help against a prying administrator. It's plain simple to sniff the passwords from HTTP traffic.
Regards, Frank
And that's why you shouldn't allow access to the management interface via HTTP. (I just wonder why there is a *separate* ZServer with SSL
This is of not much help. Prying admin who already has access to filesystem will just hack Zope and get passwords mailed to him, SSL or no SSL - right from Zope. Oleg. ---- Oleg Broytmann http://www.zope.org/Members/phd/ phd@phd.pp.ru Programmers don't die, they just GOSUB without RETURN.