forcing manage requests to use SSL
Hello,

Is there a way to force Zope to use SSL when a user requests a manage login? Or would I have to use Apache to detect manage in the URL and redirect the login? (I'm running Zope behind Apache using ProxyPass - same way as Zope.org but without ZEO.)

The problem is that relative newbies would be administering their own site, and they might have trouble remembering to login securely. But if the server did it for them it would be one less worry.

thank you,
Luke
From: "Luke Tymowski" <luke@seeto.com>
> Is there a way to force Zope to use SSL when a user requests a manage login?

Realize that "a manage login" isn't well defined, unless you're providing the definition. *Any* request can require the "Manager" role, depending on how permissions are set, and conversely you can allow access to "management" URLs to people without "Manager" role.

What you probably need is a UserFolder that refuses to authenticate any of its Users unless the access protocol is https. I'm sure that LoginManager can be made to do this.

You might also want to try writing an External Method that removes the Basic Auth information from REQUEST if the protocol is wrong, and use it as an Access Rule.

Cheers,
Evan @ digicool & 4-am
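
The External Method idea from the reply above, sketched as an added example (not code from either post or from Zope itself): an Access Rule that discards Basic Auth credentials when the request did not arrive over HTTPS. It assumes Zope 2's request object keeps the Authorization header in REQUEST._auth, and that the Apache front end sets X-Forwarded-Proto itself, since with ProxyPass Zope only sees plain HTTP from Apache; access_rule, FakeRequest and the sample credential are constructed for illustration.

```python
SECURE_VALUES = ("on", "ON", "1")


def arrived_over_https(environ):
    """Return True if the request environment is marked as HTTPS."""
    if environ.get("HTTPS") in SECURE_VALUES:
        return True
    if environ.get("SERVER_PORT_SECURE") in (1, "1"):
        return True
    # Assumption: Apache's SSL virtual host overwrites this header,
    # so a client cannot supply its own value.
    return environ.get("HTTP_X_FORWARDED_PROTO", "").lower() == "https"


def strip_insecure_auth(request):
    """Drop Basic Auth credentials unless the request came over HTTPS.

    Returns True if credentials were present and removed.
    """
    if arrived_over_https(request.environ):
        return False
    had_auth = bool(getattr(request, "_auth", None))
    had_auth = had_auth or "HTTP_AUTHORIZATION" in request.environ
    request._auth = None  # assumed location of the Authorization header
    request.environ.pop("HTTP_AUTHORIZATION", None)
    return had_auth


def access_rule(self, REQUEST=None):
    """Hypothetical External Method entry point, installed as an Access Rule."""
    if REQUEST is not None:
        strip_insecure_auth(REQUEST)


class FakeRequest:
    """Constructed stand-in for Zope's REQUEST, so the example runs offline."""

    def __init__(self, environ, auth=None):
        self.environ = dict(environ)
        self._auth = auth


def demo():
    cred = "Basic bHVrZTpzZWNyZXQ="  # constructed sample credential
    plain = FakeRequest({"SERVER_PORT": "80"}, cred)
    secure = FakeRequest({"HTTP_X_FORWARDED_PROTO": "https"}, cred)
    access_rule(None, plain)
    access_rule(None, secure)
    return plain._auth, secure._auth
```

This only stops Zope from honouring credentials sent over plain HTTP; the browser has already transmitted them by then, so the Apache side should still redirect or refuse non-SSL requests for protected URLs. The forwarded-protocol header is trustworthy only if Apache overwrites any client-supplied value and Zope is not reachable directly.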
participants (2)
- Evan Simpson
- Luke Tymowski