ZServerSSL looks interesting, but the setup for NT is atrocious (you have to install Perl, have Visual C++, install an assembler if you want decent speed, etceteras). A version of the library built by the author (or Digital Solutions, or some other trusted source) and ready-to-install would make it a far more practical solution. Make installation an unzip-into-directory and a script to walk through generating the certificate and you'll see adoption far more likely... at least, until Python 1.6 with rumoured SSL sockets built-in arrives :) . Ah well, more work-cost than benefit in my case :) , enjoy, Mike -----Original Message----- From: Tres Seaver [mailto:tseaver@palladion.com] Sent: Wednesday, April 19, 2000 7:00 PM To: zope@zope.org; Frank Tegtmeyer Subject: Re: [Zope] www.oswg.org runs Zope? ... Appropriate security engineering requires trading off the costs of protection versus the value of the thing protected. The cost of imposing such high-security tradeoffs on all Zope users, many of whom can mitigate such threats simply by keeping good backups of the Data.fs file, is too high, especially given the alternatives available (Apache+SSL, Roxen+SSL, Ng Pheng Siong's ZServerSSL, etc.) for the more paranoid. ...
On Wed, Apr 19, 2000 at 09:05:59PM -0400, Mike Fletcher wrote:
ZServerSSL looks interesting, but the setup for NT is atrocious (you have to install Perl, have Visual C++, install an assembler if you want decent speed, etceteras). A version of the library built by the author (or Digital Solutions, or some other trusted source) and ready-to-install would make it a far more practical solution.
I've just put up a Win32 distribution of M2Crypto; this is the original source package plus one DLL for M2Crypto and two for OpenSSL. See http://www.post1.com/home/ngps/m2 ZServerSSL is in the demo/ directory.
Make installation an unzip-into-directory and a script to walk through generating the certificate and you'll see adoption far more likely... at least, until Python 1.6 with rumoured SSL sockets built-in arrives :) .
Sorry, installation is still by-hand. ;-) For certificate generation and such, I've been using CA.pl, OpenSSL's Perl program for this purpose. I've toyed with rewriting CA.pl in Python, but other more urgent itches beckon. ;-) You may want to look at PyCA by Michael Stroeder (ascii-ification spelling error, sorry). Ask Parnassus for url. For some shop talk 1.6's SSL, hop over to python-crypto@egroups.com. Cheers. -- Ng Pheng Siong <ngps@post1.com> * http://www.post1.com/home/ngps
participants (2)
-
Mike Fletcher -
Ng Pheng Siong