[Zope] Sending Zope Passwords.
Tino Wildenhain
tino@wildenhain.de
Wed, 18 Jul 2001 23:47:50 +0200
Hi jleach,
if you have to ask, the answer might not be so valuable
for you ;)
zopes acl_user folder, which is the standard, supports
HTTP Basic Authentication as of rfc2616.
This means the username/password is not encrypted in the
HTTP session, rather it is obfuscated using base64 encoding.
The storage in the object database is encrypted using SHA
hashing. (At least last time I checked this)
Does this help you?
You can use any other authentication mechanism, if you use
a different User-Folder and/or implement it yourself
(and hope your clients do as well)
Most common practice is using Apache (or Squid 2.5) as ssl-proxy
in front of zope.
HTH
Tino Wildenhain
--On Mittwoch, 18. Juli 2001 14:20 -0700 "Jason C. Leach"
<jleach@drivingbeat.com> wrote:
> hi,
>
> how are Zope passwords transmitted? Secure or UN-secure?
>
> j.
> --
> ......................
> ..... Jason C. Leach
> ..
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )