[Zope] Short Zope Security Question

Christopher Petrilli petrilli@digicool.com
Sun, 21 Nov 1999 22:02:07 -0500


Alexander Limi wrote:
> 
> Just a quick question:

Yes of course. :-)
 
> When you log on as a user in a Zope, is it possible to authenticate users
> via a secure connection easily? (via SSL, aka. https).

Of course, you can run Zope behind Apache-SSL, Netscape, etc.  We have
several customers doing this.  Then you might just write a small rule
that prohibits:

	.*/manage

for non-secure connections.

> I find it a bit discomforting when people can monitor the network and sniff
> the passwords used to access the folders of my users. (I know the superuser
> password is relatively safe because of the IP-check, but ideally this
> should also be SSL encrypted.)

Alas, the world is still *very* antiquated for identification and
authorization on the web.  We can't even get uniform digest auth :/  The
only real advantage would be to go to Client Certs, and we could talk
some about this.

Chris
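
The rule described in the reply above, sketched as a small WSGI middleware; this is an added example, not part of the original message and not Zope's own code. The names `RequireTLSForManage`, `is_blocked`, `demo_app` and `status_for` are hypothetical, and it assumes the middleware runs on the server that terminates SSL, so that `wsgi.url_scheme` describes the client's connection.

```python
import re

# Pattern taken from the message. re.match anchors at the start of the path only,
# so it covers /manage, /folder/manage and also /folder/manage_main.
MANAGE_RULE = re.compile(r".*/manage")

def is_blocked(path, scheme):
    """True for a management URL requested over a non-secure connection."""
    return scheme != "https" and MANAGE_RULE.match(path) is not None

class RequireTLSForManage:
    """WSGI middleware (hypothetical) that applies the rule before the app runs."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        scheme = environ.get("wsgi.url_scheme", "http")
        if is_blocked(path, scheme):
            # Refuse before any authentication challenge is issued in clear text.
            body = b"Management pages require HTTPS.\n"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)

def demo_app(environ, start_response):
    """Stand-in for the protected application (constructed for this example)."""
    body = b"ok\n"
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]

def status_for(path, scheme):
    """Send one constructed request through the middleware; return the status line."""
    seen = []
    def start_response(status, headers, exc_info=None):
        seen.append(status)
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "wsgi.url_scheme": scheme}
    list(RequireTLSForManage(demo_app)(environ, start_response))
    return seen[0]

if __name__ == "__main__":
    # Constructed sample requests.
    for path in ("/manage", "/users/alice/manage_main", "/index_html"):
        for scheme in ("http", "https"):
            print(scheme, path, "->", status_for(path, scheme))
```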