[Zope] www.oswg.org runs Zope?
Frank Tegtmeyer
fte@d.de.mqi.net
Wed, 19 Apr 2000 14:48:30 +0200
> concerning the fact that the "manage" suffix to an address is hardcoded,
> there's always the possibility for those who run apache in front of zope
> to write a rewrite rule
That's a hackers solution.
1. Zope should integrate SSL.
2. All protected pages should be delivered only through SSL by default.
3. A fallback to use management and protected pages without SSL should
be there, but it has to be enabled by hand.
That would eliminiate many risks with little effort for non hackers.
Regards, Frank