[ZDP] BackTalk to Document The Zope Book (2.6 Edition)/Users and Security

webmaster at zope.org webmaster at zope.org
Mon Oct 10 21:18:04 EDT 2005


A comment to the paragraph below was recently added via http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Security.stx#2-27

---------------

    If you're worried about someone "snooping" your username/password
    combinations, or you wish to manage your Zope site ultra-securely,
    you should manage your Zope site via an SSL (Secured Sockets
    Layer) connection.  The easiest way to do this is to use Apache or
    another webserver which comes with SSL support and put it "in
    front" of Zope.  Some (minimalistic) information about setting up
    Zope behind an SSL server is available at "Unfo's member page on
    Zope.org":http://www.zope.org/Members/unfo/apache_zserver_ssl, on
    "Zopelabs.com":http://www.zopelabs.com/cookbook/1028143332 .  The
    chapter of this book entitled "Virtual Hosting":VirtualHosting.stx
    also provides some background that may be helpful to set up an SSL
    server in front of Zope.

      % Anonymous User - Nov. 12, 2004 4:34 pm:
       What about ZServerSSL

      % Anonymous User - Oct. 10, 2005 9:18 pm:
       Unfo's page is rather old. I'd expect using mod_rewrite for that now instead. Ideally I would like to know
       how to configure a Zope Virtual host such that ordinary HTTP is used unless HTTP authorization is required,
       in which case SSL is automatically activated. I have tried several approaches with mod_rewrite but so far
       with no success.


More information about the ZDP mailing list