[Zope-dev] Disable manage interface on-purpose

Sin Hang Kin kentsin@poboxes.com
Sun, 23 Apr 2000 08:53:17 +0800


The manage interface is really making webmasters and bosses worry. It seems
not easy to separate it from an ordinary Zope site without restricting the
site's usage. However, on a production web server, this is really a danger.
It also deters non-technical users from adopting Zope.

Are there solutions to restrict the interactive management interface from
being used, via a run-time option? It may not be a technically correct
move, but there is certainly a reason for it in marketing. An anonymous-only
flag? A no-superuser flag?

Rgs,

Kent Sin

----------------------------------- Quoting From Zope Adm List ----------------------------

okay, that means that instead of it taking N tries to hack a password, it
takes N^2 tries. *shrug* a little better.

is there a way to run all the /manage pages behind SSL, so they're less
prone to password sniffing? or to rename /manage to something a little
more obscure? it just seems to me that the /manage URLs are just waiting
to be exploited by some cracker.


srl, picking security nits