25 Mar
2005
25 Mar
'05
12:30 p.m.
Hi. I am working on a financial product and it appears to me that the /manage login for Zope could be a potential problem if you are running zope since your server is easily guessed and one can go to this url and try passwords. Can someone suggest an alternative to this or some modification to Zope that might make this less obvious. I best I can think of would be to do a rewrite on the /manage url but I still need manager access to zmi through the web. I plan on forcing ssl through apache when making a connection on whatever URL is used to login. Any ideas? Regards, David