secure password transmission
I am a bit doubtful about the insecure password transmission in zope. How can I secure this action for user logins and for FTP access to the sites. I know I can limit the site access to a domain, but still I consider that as being to dangerous. Any ideas or hints to documentation of securing the password transfer process? Raphael
On Thu, 2003-01-16 at 11:18, Raphael Arlitt wrote:
I am a bit doubtful about the insecure password transmission in zope. How can I secure this action for user logins and for FTP access to the sites.
I know I can limit the site access to a domain, but still I consider that as being to dangerous.
Any ideas or hints to documentation of securing the password transfer process?
Hi, you can place Zope behind Apache, and protect management pages (for example) throught HTTPS... Thierry
Raphael Arlitt wrote at 2003-1-16 10:18 +0000:
I am a bit doubtful about the insecure password transmission in zope. How can I secure this action for user logins and for FTP access to the sites.
I know I can limit the site access to a domain, but still I consider that as being to dangerous.
Any ideas or hints to documentation of securing the password transfer process? A quite secure way is to use SSL for your complete transactions or use SSL at least for login and cookie base authentication otherwise.
HowTos for Zope+SSL on Zope.org. Dieter
participants (3)
-
Dieter Maurer -
Raphael Arlitt -
Thierry Florac