[Zope] www.oswg.org runs Zope?
Oleg Broytmann
phd@phd.russ.ru
Wed, 19 Apr 2000 13:18:40 +0000 (GMT)
Hi!
It is amazing how many people believe that SSL (and other technical
solutions) can bring security "by default"!
People - that is the weakiest point in security, and installing SSL
would not make them much more secure. Even worse - notion of SSL can make
people feel "more secure" without deep investigation and learning; that's
is worse than no security at all!
On Wed, 19 Apr 2000, Frank Tegtmeyer wrote:
> 1. Zope should integrate SSL.
> 2. All protected pages should be delivered only through SSL by default.
> 3. A fallback to use management and protected pages without SSL should
> be there, but it has to be enabled by hand.
Oleg. (All opinions are mine and not of my employer)
----
Oleg Broytmann Foundation for Effective Policies phd@phd.russ.ru
Programmers don't die, they just GOSUB without RETURN.