[Zope] - Secure Server
Hannu Krosing
hannu@trust.ee
Mon, 25 Jan 1999 17:40:06 +0200
Robert OConnor wrote:
>
> How does ZOPE integrate with a
> "SSL" secure server such as
>
> Red Hat Secure Web Server 2.0
> http://www.redhat.com/product.phtml/WB2000
>
> I have some understanding of the security offered
> on the server but what about security between
> the browser and the server?
>
> Can (and How) can SSL be integrated
> into the ZOPE login.
If you use client sertificates, then you can get the SSL authenticated
user from CGI variables
If you use just uername/passwd then there should be no difference
between
HTTP and HTTPS in CGIs
> I understand that SSL servers are slowed down
> but only ID/Passwords need be SSL and after
> that, during the session, SSL security doesn't
> have to be used.
HTTPS uses SSL for whole session. If you want just your login to be
encrypted you should use challenge/response authentication.
I'm not sure which browsers (except MS ones) use this.
It should not be too hard to add this to ZopeServer if browser
support exists.
-----------------
Hannu