[Zope] Zope security management
Dario Lopez-Kästen
dario@ita.chalmers.se
Fri, 23 Mar 2001 08:51:16 +0100
Midn you this is not in Zope yet, I am working o making it so
Here's how I do it in PLSQL:
Two steps:
1) the form action element calls the login method using https://
<form method=3D"post" action=3D"https://...../mts2.login">
This is not necessary however, you could still use
<form method=3D"post" action=3D"mts2.login">
becuase
2)
The login method checks to see if it is called from a valid port. This =
is the first statement in the method (or procedure as it is called in =
plsql-ish):
----- Original Message -----=20
From: "Bill Welch" <bill@carbonecho.com>
To: <zope@zope.org>
Sent: Thursday, March 22, 2001 8:16 PM
Subject: Re: [Zope] Zope security management
> Please share with us how you make sure that the login form can only be
> used over SSL.
>=20
> Bill.
>=20
> On Wed, 21 Mar 2001, Dario Lopez-K=E4sten wrote:
>=20
> > After we have established an SSL-connection, we use a forms based
> > login procedure, that sends, in cleartext but over an encrypted
> > ssl-connection, the username and password. We also make sure that =
the
> > login form can only be used over SSL.
>=20
>=20
>=20
>=20
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -=20
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )
>=20