[Zope-dev] Secure Transactions with Zserver

Andreas Kostyrka andreas@mtg.co.at
Sun, 1 Aug 1999 23:24:11 +0200 (CEST)


On Sat, 31 Jul 1999, zope wrote:

> While ZOPE with Apache-SSL is certainly possible, I personally would
> prefer a more tightly coupled structure than the lightweight server to server
> protocols provide (such as the certificate if available of the client
That's not really a good idea. Exporting software with Cryptohooks is
illegal in the US, so at least part of the Zope development had to move
out of the US.

For most ecommerce solutions one doesn't need the tightly coupled structure,
as your users most probably don't supply client side certificates, etc.

But if you do need this specialised capability, it's probably still a
better idea to:
-) transfer the information from Apache via the environment, in the worst
   case by using a special Apache mod, written just for this case.
-) provide a special user folder class, that deals with the client
   certificate data to create the traditional ZOPE role based user model.

> If encryption and X.509v3 are available then zope becomes a FAR more
Well, the problems here are:
1.) patents. As especially the US grants patents for software, ZOPE could
    become restricted by patents. Remember that ZOPE is developed in the
    US.
2.) US export regulations. (and other stupid crypto regulations, it's not
    just a US problem, but it's less of a problem in liberal countries.)

> interesting possibility for ecommerce. And besides it's on the TODO list
> for the Zserver... Python SSL modules ARE available in source...
Where are these available?
> the question is where and how...(and preferably offshore i.e. NON US
> development).

Andreas
--
Andreas Kostyrka                     | andreas@mtg.co.at
phone: +43/1/7070750                 | phone: +43/676/4091256   
MTG Handelsges.m.b.H.                | fax:   +43/1/7065299
Raiffeisenstr. 16/9                  | 2320 Zwoelfaxing AUSTRIA
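
The arrangement suggested in the reply above (certificate data handed over from Apache in the environment, plus a user folder class that turns it into roles), as an added example that is not part of the original message and is not Zope or Apache code. It assumes the front end exports mod_ssl-style variables (SSL_CLIENT_VERIFY, SSL_CLIENT_I_DN, SSL_CLIENT_S_DN); the class, its method names and the sample DNs are hypothetical.

```python
# Added illustration; not Zope or Apache code. All names here are hypothetical.
# Assumes the front end exports mod_ssl-style variables (SSL_CLIENT_VERIFY,
# SSL_CLIENT_I_DN, SSL_CLIENT_S_DN) into the environment the back end sees.

ANONYMOUS = ("Anonymous User", ("Anonymous",))


class CertUserFolder:
    """Maps a verified client certificate to a user id and a tuple of roles."""

    def __init__(self, trusted_issuers, users):
        self.trusted_issuers = frozenset(trusted_issuers)
        self.users = dict(users)  # subject DN -> (user id, roles)

    def identify(self, environ):
        # Read only the server-set names. A client-sent header such as
        # "SSL-Client-S-DN" arrives as HTTP_SSL_CLIENT_S_DN and is ignored.
        if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
            return ANONYMOUS  # no certificate, or verification failed
        if environ.get("SSL_CLIENT_I_DN") not in self.trusted_issuers:
            return ANONYMOUS  # verified, but not by a CA we map users for
        # Exact match on the whole DN string; no substring or CN-only matching.
        return self.users.get(environ.get("SSL_CLIENT_S_DN"), ANONYMOUS)

    def validate(self, environ, required_roles):
        """Return the user id if it holds one of required_roles, else None."""
        user_id, roles = self.identify(environ)
        return user_id if set(roles) & set(required_roles) else None


# Constructed sample data.
ISSUER = "/C=AT/O=Example CA/CN=Example Root"
FOLDER = CertUserFolder(
    trusted_issuers=[ISSUER],
    users={
        "/C=AT/O=Example Shop/CN=alice": ("alice", ("Manager",)),
        "/C=AT/O=Example Shop/CN=bob": ("bob", ("Customer",)),
    },
)

if __name__ == "__main__":
    env = {
        "SSL_CLIENT_VERIFY": "SUCCESS",
        "SSL_CLIENT_I_DN": ISSUER,
        "SSL_CLIENT_S_DN": "/C=AT/O=Example Shop/CN=alice",
    }
    print(FOLDER.validate(env, ["Manager"]))
```

Anything that is not a verified certificate from a listed issuer with an exactly matching subject falls back to the anonymous user, so a missing or unexpected variable never grants a role.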