"Frank Tegtmeyer" <fte@d.de.mqi.net>

...

But SSL wouldn't help with the password issue!

That is another topic. If passwords are used (that's the current situation) encryption of the transmission eliminates one weakness of the system. Every eliminated weakness is a good thing.

Appropriate security engineering requires trading off the costs of protection versus the value of the thing protected. The cost of imposing such high-security tradeoffs on all Zope users, many of whom can mitigate such threats simply by keeping good backups of the Data.fs file, is too high, especially given the alternatives available (Apache+SSL, Roxen+SSL, Ng Pheng Siong's ZServerSSL, etc.) for the more paranoid. Best, Tres. -- ========================================================= Tres Seaver tseaver@digicool.com tseaver@palladion.com