I keep seeing references to using SSL with ZServer, but I can't seem to find out how to.... When reading M2Crypto documentation, I notice that it is for NT versions of Zope (using Linux...) I thought I saw somewhere that Zope 2.5 supported SSL, but now I can't find that reference either....

I hacked through a workaround using APACHE and ZServer but it only kinda worked and I didn't feel comfortable running an instance of Apache just for SSL.

There is some discussion, rather old, about integration of an SSL server in Zope; did that ever happen? If it did, where do I find out how to use it? OR perhaps I should consider something else?

What I am trying to do is use authentication over a secured channel to determine an end user and their roles *without* asking them to log in again..... I know from the HTTP_REFER variable that they have already validated and I don't want to make them log in again.....

If anyone has any slick suggestion on how I might do this easily, I would greatly appreciate it....

TIA
WPH
Quoting Me <wphewitt@attbi.com>:
> What I am trying to do is use authentication over a secured channel to determine an end user and their roles *without* asking them to log in again..... I know from the HTTP_REFER variable that they have already validated and I don't want to make them log in again.....

As I'm sure someone will point out, this is ludicrously insecure. The HTTP_REFERER variable is sent from the client, and as such can be changed, and your "login" can be spoofed. I recommend looking into the various auth products (exUserFolder being my personal favourite) and if you *must* have some kind of cross-site login, do something with (secure) cookies.

> If anyone has any slick suggestion on how I might do this easily, I would greatly appreciate it...

I'm not really sure how SSL and authentication are related unless:

1) You're doing client SSL certificate auth - which is very interesting
2) You want to protect the initial username/password data, which is fine but hardly novel.

What you sound like you want to do (common authentication between two sites) is something like passport.com, which they do using an (albeit clever) cookie setup and HTTP redirects. Some more details would help.

> TIA
> WPH

Cheers,
Phil
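
The signed-cookie approach suggested in the reply above, set beside the Referer check it replaces, as an added example that is not part of the original thread. The host `login.example`, the cookie name `sso`, the token layout and the shared `SECRET` are all assumptions made for illustration.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-demo-key"  # assumption: known only to the two servers
MAX_AGE = 900                     # assumption: token lifetime in seconds

def referer_says_logged_in(headers):
    # The check from the question: trusts a header the client writes itself.
    return headers.get("Referer", "").startswith("https://login.example/")

def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def issue_token(user, roles, now=None):
    """Run by the site that actually checked the password."""
    if any(c in f for f in [user, *roles] for c in "|,"):
        raise ValueError("separator character in user or role name")
    issued = int(time.time() if now is None else now)
    payload = f"{user}|{','.join(roles)}|{issued}".encode()
    enc = base64.urlsafe_b64encode
    return enc(payload).decode() + "." + enc(_sign(payload)).decode()

def verify_token(token, now=None):
    """Run by the second site; returns (user, roles) or None."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:  # wrong shape or bad base64
        return None
    if not hmac.compare_digest(sig, _sign(payload)):
        return None  # forged or altered
    user, roles, issued = payload.decode().split("|")
    age = (time.time() if now is None else now) - int(issued)
    if not 0 <= age <= MAX_AGE:
        return None  # expired or dated in the future
    return user, roles.split(",") if roles else []

def set_cookie_header(token):
    # Secure: sent over SSL only; HttpOnly: not readable from page scripts.
    return f"Set-Cookie: sso={token}; Secure; HttpOnly; Path=/"
```

The Referer check accepts whatever value the client sends, while the token is rejected unless it carries a valid HMAC made with the server-side key and is still within its lifetime.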
Hi,

I just created a ZClass which is derived from the dtml-document. The only differences are some additional properties.

Now the question: How is it possible to add a default text to an instance of the new ZClass? I tried to add a text by DTML after the creation of the instance, but without success.

Perhaps someone understands my question and is able to help ...

Thanks a lot
Marc
participants (3): Marc Fischer, Me, pjm3@ic.ac.uk