[Zope-dev] Secure Transactions with Zserver
Andreas Kostyrka
andreas@mtg.co.at
Sun, 1 Aug 1999 23:24:11 +0200 (CEST)
On Sat, 31 Jul 1999, zope wrote:
> While ZOPE with Apache-SSL is certainly possible, I personally would
> prefer a more tightly coupled structure than the lightweight server to server
> protocols provide (such as the certificate if available of the client
That's not really a good idea. Exporting software with Cryptohooks is
illegal in the US, so at least part of the Zope development had to move
out of the US.
For most ecommerce solutions one doesn't need the tightly coupled structure,
as your users most probably don't supply client side certificates, etc.
But if you do need this specialised capability, it's probably still a
better idea to:
-) transfer the information from Apache via the environment, in the worst
case by using a special Apache mod, written just for this case.
-) provide a special user folder class, that deals with the client
certificate data to create the traditional ZOPE role based user model.
> If encryption and X509v3 are available then zope becomes a FAR more
Well, the problems here are:
1.) patents. As especially the US grants patents for software, ZOPE could
become restricted by patents. Remember that ZOPE is developed in the
US.
2.) US export regulations. (and other stupid crypto regulations, it's not
just a US problem, but it's less of a problem in liberal countries.)
> interesting possibility for ecommerce. And besides it's on the TODO list
> for the Zserver... Python SSL modules ARE available in source...
Where are these available?
> the question is where and how...(and preferably offshore i.e. NON US
> development).
Andreas
--
Andreas Kostyrka | andreas@mtg.co.at
phone: +43/1/7070750 | phone: +43/676/4091256
MTG Handelsges.m.b.H. | fax: +43/1/7065299
Raiffeisenstr. 16/9 | 2320 Zwoelfaxing AUSTRIA
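
The arrangement suggested in the message above (Apache terminates SSL and hands the client-certificate data over via the environment, and a user folder turns it into roles), sketched as an added example that is not part of the original post or of Zope's code. It assumes mod_ssl-style variable names (SSL_CLIENT_VERIFY, SSL_CLIENT_S_DN) and the slash-separated DN format; the role table, role names, DNs and function names are constructed for illustration.

```python
# Added example (hypothetical names): map certificate data that the front-end
# web server placed in the environment onto a role-based user model.

ROLE_TABLE = {
    # normalised subject DN -> roles (constructed sample data)
    "CN=Alice Example,O=Example Shop,C=AT": ["Manager"],
    "CN=Bob Example,O=Example Shop,C=AT": ["Customer"],
}


def parse_dn(dn):
    """Parse '/C=AT/O=Example Shop/CN=Alice Example' into (key, value) pairs."""
    pairs = []
    for part in (p for p in dn.split("/") if p):
        key, sep, value = part.partition("=")
        if not sep or not key.strip() or not value.strip():
            raise ValueError("malformed DN component: %r" % part)
        pairs.append((key.strip().upper(), value.strip()))
    return pairs


def normalise_dn(dn):
    """Canonical form used as the lookup key: most specific component first."""
    return ",".join("%s=%s" % kv for kv in reversed(parse_dn(dn)))


def roles_from_environ(environ):
    """Return (user_id, roles); Anonymous unless the server verified a cert."""
    anonymous = (None, ["Anonymous"])
    # Only the server-set variable counts. A request header the client sends
    # itself arrives with an HTTP_ prefix (HTTP_SSL_CLIENT_VERIFY) and is
    # deliberately never consulted.
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return anonymous
    try:
        dn = normalise_dn(environ.get("SSL_CLIENT_S_DN", ""))
    except ValueError:
        return anonymous
    if not dn:
        return anonymous
    roles = ROLE_TABLE.get(dn)
    if roles is None:
        # Valid certificate but unknown subject: no extra privileges.
        return (dn, ["Authenticated"])
    return (dn, list(roles))
```

The mapping is only as trustworthy as the channel between the front end and the application server: if anything other than the web server can set these variables, the certificate check is bypassed.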