[Zope-CMF] Is there an example for implementing secure login for CMF?
Romain Slootmaekers
romain@zzict.com
Sat, 18 Jan 2003 14:58:52 +0100
Jeffrey Franks wrote:
> Dieter Maurer wrote:
>
>>Jeffrey Franks wrote at 2003-1-16 13:37 -0600:
>> > I seem to recall a discussion regarding secure login.
>>What is this?
>>
>
>
> Secure login using ssh. I've looked through the archive into
> the middle of 2002 and could not find this.
>
> Can I make zope-cmf capable of secure logins? I need to set up the
> CMF site to handle secure and encrypted communications to
> make it very hard for "man in the middle" snooping/attacks.

The easiest is to just create a new virtual host with Apache:
something like this in your httpd.conf:

NameVirtualHost www.securesite.com:443
<VirtualHost www.securesite.com:443>
    ServerName securesite.com
    ProxyPass / http://127.0.0.1:8080/VirtualHostBase/https/securesite.com:443//VirtualHostRoot/
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
</VirtualHost>

To set up a CA, on Linux with openssl, there are some scripts called
CA.pl and CA.sh (as root, do a "locate CA.pl" and you'll find them).
Read the documentation IN the scripts, and act accordingly.

Enforcing correct behavior from the users (i.e. only logging in using
https) is more difficult. The only simple way is to not have a virtual
host at port 80 (so no http whatsoever) for that site, although that
is probably not a feasible solution for you.

There is a discussion about this also on zope-dev right now.
have fun,
Sloot.
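
Added example (not part of the original message, and not Zope or Apache project code): a small Python check that a VirtualHost proxying to Zope, like the one above, keeps its VirtualHostBase scheme and port consistent with the TLS listener and keeps the cleartext proxy hop on loopback. The audit() function, its regular expressions and both sample configs are constructed for illustration.

```python
import re

# Constructed sample configs (not taken from a real server).
GOOD = """
<VirtualHost www.securesite.com:443>
ServerName securesite.com
ProxyPass / http://127.0.0.1:8080/VirtualHostBase/https/securesite.com:443//VirtualHostRoot/
SSLEngine on
</VirtualHost>
"""
BAD = """
<VirtualHost www.securesite.com:443>
ServerName securesite.com
ProxyPass / http://192.0.2.10:8080/VirtualHostBase/http/securesite.com:80/VirtualHostRoot/
SSLEngine on
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+\S*?:(\d+)>(.*?)</VirtualHost>", re.S | re.I)
# Captures: backend host, VirtualHostBase scheme, VirtualHostBase public port.
PROXY = re.compile(
    r"^\s*ProxyPass\s+\S+\s+http://([^/:\s]+)(?::\d+)?"
    r"/VirtualHostBase/(\w+)/[^/:\s]+:(\d+)/", re.M | re.I)
SSL_ON = re.compile(r"^\s*SSLEngine\s+on\s*$", re.M | re.I)

def audit(conf):
    """Return findings for every VirtualHost block that proxies to Zope."""
    findings = []
    for listen_port, body in VHOST.findall(conf):
        m = PROXY.search(body)
        if not m:
            continue  # this vhost does not proxy to a VirtualHostBase URL
        backend, scheme, public_port = m.group(1), m.group(2).lower(), m.group(3)
        ssl = bool(SSL_ON.search(body))
        if ssl and scheme != "https":
            findings.append("TLS vhost but VirtualHostBase scheme is %r: "
                            "generated links leave https" % scheme)
        if not ssl and scheme == "https":
            findings.append("VirtualHostBase says https but SSLEngine is not on")
        if public_port != listen_port:
            findings.append("VirtualHostBase port %s differs from vhost port %s"
                            % (public_port, listen_port))
        if backend not in ("127.0.0.1", "localhost"):
            findings.append("backend %s is not loopback: the http hop to Zope "
                            "crosses the network in cleartext" % backend)
    return findings
```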