[Zope-CMF] Expiring inactive login sessions
Chris Withers
lists at simplistix.co.uk
Mon Mar 8 07:09:39 EST 2004
Felix Ulrich-Oltean wrote:
> PS - are there any more secure login methods for Zope without HTTPS,
> rather than sending the password as a base64-encoded cookie?
Some may look more secure, but all you're really doing is protecting the
password from being read. Any cookie-based sessioning without HTTPS exposes you
to a degree of risk...
...but yes, with CookieCrumbler, that risk is higher than with other methods :-)
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
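
An added example, not part of the original message and not CookieCrumbler's code: it contrasts a base64 credential cookie with a signed, expiring session token to show what each exposes to someone who can read plain-HTTP traffic. The function names, the key, the 20-minute lifetime and the sample user are constructed for illustration.

```python
import base64
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # assumption: secret known only to the server
SESSION_TTL = 20 * 60                 # assumption: fixed token lifetime in seconds


def credential_cookie(user, password):
    """Cookie style discussed in the thread: base64 of 'user:password'."""
    return base64.b64encode(f"{user}:{password}".encode()).decode()


def read_credential_cookie(cookie):
    """Base64 is an encoding, so any observer recovers the password without a key."""
    user, _, password = base64.b64decode(cookie).decode().partition(":")
    return user, password


def issue_session_token(user, now):
    """Signed token carrying a user name and expiry time, but no password."""
    payload = f"{user}|{int(now) + SESSION_TTL}"
    mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


def verify_session_token(token, now):
    """Return the user name if the token is authentic and unexpired, else None."""
    try:
        user, expires, mac = token.rsplit("|", 2)
        expires = int(expires)
    except ValueError:
        return None  # malformed token
    expected = hmac.new(SERVER_KEY, f"{user}|{expires}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None  # forged or altered token
    return user if now < expires else None


if __name__ == "__main__":
    t0 = 1_000_000  # constructed clock value
    print(read_credential_cookie(credential_cookie("alice", "s3cret")))
    token = issue_session_token("alice", t0)
    # A copy of the token taken off the wire is still accepted until it expires.
    print(verify_session_token(token, t0 + 60))
    print(verify_session_token(token, t0 + SESSION_TTL + 1))
```

The token keeps the password off the wire and bounds how long a captured copy stays valid, but without HTTPS the copy is accepted for that whole window, which is the residual risk the reply describes.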