[Zope] security
sam
linuxcraft@redspice.com
Fri, 17 Mar 2000 21:15:09 -0600
On Fri, 17 Mar 2000, you wrote:
> No. You can authenticate yourself with such a client, but you must
> still have a valid password. You cannot just insert any old user id
> into the Authentication header and expect Zope to believe you. That
> wouldn't exactly be very good security.
Thanks. I would think then this password is succeptible to the same pitfalls
as sending clear text passwords over the network which can be stolen. In
which case making users to use https is a good idea ?
sam
##########################
necessity is the
mother of invention
##########################