[Zope] Zope+Apache+ProxyPass

[Ragnar Beer]

>I'm confused by a note in your caching howto about managing Zope using
>an SSL connection:
>
>   Apache+ZServer+SSL From the author of this How-To I also got a very
>   good tip for what to do if you want to manage your website via https
>   to avoid sending your unencrypted password over the net: Reverse the
>   setup he describes, i.e.  instead of creating a folder "ssl" and
>   making the base of the site root "https://..." create a folder
>   "http" and make the base of the site root "http://..."
>
>Isn't the username/password still sent in clear text (mime-encoded) as
>soon as you attempt to manage anything in the /http folder because of
>the unencrytped connection (http://...) specified by the siteroot?
>
>-kevin

Of course you need to use the https protocol! The advantage of the 
reversed setup is that if you configure it that way then the 
"natural" way to access the site can be https and http is the special 
case and not the other way round.

Ragnar