[Zope] www.oswg.org runs Zope?
J. Atwood
jatwood@bwanazulia.com
Wed, 19 Apr 2000 08:03:50 -0400
>is there a way to run all the /manage pages behind SSL, so they're less
>prone to password sniffing? or to rename /manage to something a little
>more obscure? it just seems to me that the /manage URLs are just waiting
>to be exploited by some cracker.
There are a couple of different things that could make Zope a bit more secure.
- Be able to disable the superuser account (or rename, erase it)
- Change the port on which /manage runs (Web Admin does this very nicely)
- Be able to lock it down by IP address (only certain IP addresses
can access /manage)
- SSL
- Force strong passwords (10 chars, at least 1 number, 1 cap, 1
symbol, no words)
I know all of this is way on the back burner but it is something to
consider. There also might be easy "Zopish" ways to do all of this.
J
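
The IP lock-down, SSL and strong-password items from the list above, sketched as an added example that is not part of the original post and is not Zope code. It assumes a WSGI front end in front of the site; `gate`, `ManageGate`, `password_problems`, the allow-listed network and the word list are hypothetical names and constructed values.

```python
import ipaddress
import re

# Constructed values for illustration; none of them come from Zope or the post.
ADMIN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
WORDLIST = {"password", "zope", "manage", "superuser", "letmein"}

def is_manage_path(path):
    """True when any URL segment is 'manage' or starts with 'manage_'."""
    return any(s == "manage" or s.startswith("manage_") for s in path.split("/"))

def gate(environ, networks=ADMIN_NETWORKS):
    """Return None to allow the request, or a reason string to refuse it."""
    if not is_manage_path(environ.get("PATH_INFO", "")):
        return None
    # Behind a TLS-terminating proxy this key reflects the proxy-to-app hop.
    if environ.get("wsgi.url_scheme") != "https":
        return "management screens require SSL"
    try:
        client = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return "unparseable client address"
    if not any(client in net for net in networks):
        return "client address not on the allow list"
    return None

class ManageGate:
    """WSGI middleware that answers 403 when gate() refuses the request."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if gate(environ) is None:
            return self.app(environ, start_response)
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"Forbidden\n"]

def password_problems(password):
    """List the ways a password misses the rule quoted in the post."""
    checks = [
        (len(password) >= 10, "shorter than 10 characters"),
        (re.search(r"[0-9]", password), "no number"),
        (re.search(r"[A-Z]", password), "no capital letter"),
        (re.search(r"[^A-Za-z0-9]", password), "no symbol"),
        (not any(w in password.lower() for w in WORDLIST), "contains a listed word"),
    ]
    return [reason for ok, reason in checks if not ok]
```

The path test matches on whole URL segments, so `/folder/manage_main` is gated while a page such as `/management-team` is not.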