[Zope] Limiting management screens to https: (was:[Zope-dev] How to
access the internals of Zope ?)
Jim Fulton
jim@digicool.com
Mon, 03 May 1999 09:24:26 -0400
Hannu Krosing wrote:
>
(snip)
> I want to make the management screens available through HTTPS only (to
> protect
> the innocent from revealing their passwords to sniffers), and I quess it
> would
> be trivial by adding something like
>
> <!--#unless HTTPS--><!--#raise "Not Found"--><!--#unless-->
>
> in a few places, but I have'nt been able to find the right places yet.
>
> Is it possible using the management interface, or do I have to access
> the
> BoboBase directly?
>
> Or would it be better to hack the UserDB and add a special flag to users
> who may authenticate through HTTPS only ?
IMO, this is the right way to solve this problem.
Jim
--
Jim Fulton mailto:jim@digicool.com Python Powered!
Technical Director (888) 344-4332 http://www.python.org
Digital Creations http://www.digicool.com http://www.zope.org
Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email
address may not be added to any commercial mail list with out my
permission. Violation of my privacy with advertising or SPAM will
result in a suit for a MINIMUM of $500 damages/incident, $1500 for
repeats.