[Zope] - Zope and SSL
Ronald Offerman
ron@bofh-power.gjt-it.nl
Sat, 12 Dec 1998 16:27:25 +0100
> > I already use Apache Redirect for some secure parts of current websites, any
> > advantage using the ReWriteEngine over Redirect? (besides it being invisible
> > to the user)
> The ReWriteEngine can do redirects too :)
> When I remember right, its:
> RewriteRule ^/intern(.*) https://somehost/$1 [R]
>
> The advantages compared to pcgi:
> -) BHS is multithreaded. Not much use with Zope, but important for my
> stuff :). pcgi at the moment is being developed to be concurrent.
So BoBoHTTPServer != ZopeHTTPServer? Or is it multithreaded but this feature
is not used by Zope?
> -) pcgi processes run as the Webserver user, so you are limited to uid
> management a la Apache. BHS runs as the user it is started :)
> With some small patches to BHS one could even run it as root to allow
> remote as-root administration of a box.
>
> The proxy stuff has the advantage, that you can hide the real http
> interface somewhere on the inside (I like to create IP aliases for the
> loopback device *g*), and all accesses must go trough the external
> gateway.
And this is an invisible redirect. [Off topic:] It would be nice to use the
ReWriteEngine to do load balancing over several servers this way ;=))
>
> > >
> > > This assumes two things:
> > > -) You have an 127.0.0.2 lo:0 alias active ;)
> > > -) You have a patched BoboHTTPServer.py running there.
> > No problem to setup on our servers.
> > >
> > > > I don't want to allow management over insecure channels so is it possible to
> > > > use a rewrite/URL refresh rule in Zope for /manage (it should redirect to
> > > > https:)
> > > That's another thing I've been thinking about:
> > > -) BoboHTTPServer when running in nonssl mode should map the Non-Auth
> > > error code to another error code -> When accessing the http:// url
> > > the user isn't even prompted for an username/password :)
> > What do you intend to accomplish doing this?
> Easy. Take a site X, you could have http://X/ and https://X/ with the same
> content. Now some functions require user authentication -> But the
> credentials NEVER EVER should be send in clean, ...
That is the reason why I want Zope to be able to send redirects for certain
URLs, especially /manage, but others might also come in handy.
>
> So by killing the ``Not authorized'' (401?) error code, the user never
> even gets the possibility to enter a password when working in the clear :)
> Which should be a strong reminder to switch over to the secure server :)
I personally think it is an absolute requirement for Zopes TTW management.
But 'killing' the error code is the wrong approach, I would like to see the
Zope extended so we can limit what is visible depending on the users domain.
This should be a document property so we will have to wait for Zope 2 to
implement this in a clean way. A clean context (switch) depending on domain,
language, authorisation etc should be standard.
--
<- Ronald Offerman | ron@gjt-it.nl
<- Root Powered Carrot Munchers Ltd. Inc. SA AG BV
"Daddy, why do those people have to use Microsoft Windows?"
"Don't stare, son; it's not polite."
"M$ Windows NT, an accident waiting to happen"
"What goes up, must come down. Ask any system administrator."