[Zope-dev] Disable manage interface on-purpose
Sin Hang Kin
kentsin@poboxes.com
Sun, 23 Apr 2000 08:53:17 +0800
The manage interface is really making webmasters and bosses worry. It seems
not easy to separate them from an ordinary Zope site without restricting its
usage. However, on a production web server like these it is really a danger.
It also keeps non-technical users from adopting Zope.

Are there solutions to restrict the interactive management interface from
being used, with a run-time option? It may not be a technically correct
move, but it certainly has a reason for marketing. An anonymous-only flag?
A no-superuser flag?
Rgs,
Kent Sin
----------------------------------- Quoting From Zope Adm List -----------------------------------
okay, that means that instead of it taking N tries to hack a password, it
takes N^2 tries. *shrug* a little better.
is there a way to run all the /manage pages behind SSL, so they're less
prone to password sniffing? or to rename /manage to something a little
more obscure? it just seems to me that the /manage URLs are just waiting
to be exploited by some cracker.
srl, picking security nits