6 Jun
2001
6 Jun
'01
8:03 p.m.
Of course it would not help against a prying administrator. It's plain simple to sniff the passwords from HTTP traffic.
And that's why you shouldn't allow access to the management interface via HTTP. (I just wonder why there is a *separate* ZServer with SSL
This is of not much help. Prying admin who already has access to filesystem will just hack Zope and get passwords mailed to him, SSL or no SSL - right from Zope.
If you can't trust your admin. Get another admin.