[Zope] www.oswg.org runs Zope?
Tres Seaver
tseaver@palladion.com
Wed, 19 Apr 2000 17:59:54 -0500
"Frank Tegtmeyer" <fte@d.de.mqi.net>
> > But SSL wouldn't help with the password issue!
> That is another topic. If passwords are used (that's the current
> situation) encryption of the transmission eliminates one weakness of the
> system. Every eliminated weakness is a good thing.
Appropriate security engineering requires trading off the costs of protection
versus the value of the thing protected. The cost of imposing such
high-security tradeoffs on all Zope users, many of whom can mitigate such
threats simply by keeping good backups of the Data.fs file, is too high,
especially given the alternatives available (Apache+SSL, Roxen+SSL, Ng Pheng
Siong's ZServerSSL, etc.) for the more paranoid.
Best,
Tres.
--
=========================================================
Tres Seaver tseaver@digicool.com tseaver@palladion.com