[ZDP] BackTalk to Document The Zope Book (2.6 Edition)/Users and
Security
webmaster at zope.org
webmaster at zope.org
Mon Oct 10 21:18:04 EDT 2005
A comment to the paragraph below was recently added via http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Security.stx#2-27
---------------
If you're worried about someone "snooping" your username/password
combinations, or you wish to manage your Zope site ultra-securely,
you should manage your Zope site via an SSL (Secured Sockets
Layer) connection. The easiest way to do this is to use Apache or
another webserver which comes with SSL support and put it "in
front" of Zope. Some (minimalistic) information about setting up
Zope behind an SSL server is available at "Unfo's member page on
Zope.org":http://www.zope.org/Members/unfo/apache_zserver_ssl, on
"Zopelabs.com":http://www.zopelabs.com/cookbook/1028143332 . The
chapter of this book entitled "Virtual Hosting":VirtualHosting.stx
also provides some background that may be helpful to set up an SSL
server in front of Zope.
% Anonymous User - Nov. 12, 2004 4:34 pm:
What about ZServerSSL
% Anonymous User - Oct. 10, 2005 9:18 pm:
Unfo's page is rather old. I'd expect using mod_rewrite for that now instead. Ideally I would like to know
how to configure a Zope Virtual host such that ordinary HTTP is used unless HTTP authorization is required,
in which case SSL is automatically activated. I have tried several approaches with mod_rewrite but so far
with no success.
More information about the ZDP
mailing list