[Zope] Zope and SSL
Thierry Florac
Thierry.Florac@onf.fr
Mon, 25 Feb 2002 14:08:39 +0100
On 25.02.2002 - 12:27 seb bacon wrote:
> > The only potential problem could be with management pages which don't use
> > 'manage*' naming convention, but until now I didn't encounter any
> > with well written products...
>
> FYI, I use a subdomain, like manage.foo.com, which enforces use of SSL
> on all pages within that domain. However, it doesn't block people from
> trying to use manage_* methods, so they can always access them over the
> clear if they want to.
It's another solution, but that's exactly what I don't want: I don't want
users to be able to send clear passwords across the network to access their
management pages...!!
Another reason is that I use virtual hosts and Apache rewrite rules, and
my Zope server is protected by a firewall which has Zope's real port (8080)
closed, so managers can only access virtual hosts' management screens, not
the global Zope management screen handling products, ... which can only be
accessed from the local network.
Thierry
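
An added illustration, not part of the original message and not the poster's actual configuration: one way the setup described above could look in Apache, with `manage*` URLs redirected to HTTPS and everything else proxied to a Zope instance reachable only through the front end. The host name `www.example.com`, the Zope folder `/site`, the certificate paths and the use of VirtualHostMonster URLs are assumptions.

```apache
# Constructed example: host name, /site folder and certificate paths are placeholders.
# Requires mod_rewrite, mod_proxy, mod_proxy_http and mod_ssl.

<VirtualHost *:80>
    ServerName www.example.com
    RewriteEngine On

    # Any URL whose last path segment starts with "manage" is redirected to HTTPS
    # before it reaches Zope, so Zope never issues its authentication challenge
    # over the cleartext connection.
    RewriteRule ^/(.*/)?manage([^/]*)$ https://www.example.com/$1manage$2 [R=301,L]

    # All other requests go to Zope on the firewalled port, mapped into the
    # virtual host's folder (assumes a VirtualHostMonster object in the Zope root).
    RewriteRule ^/(.*)$ http://127.0.0.1:8080/VirtualHostBase/http/www.example.com:80/site/VirtualHostRoot/$1 [P,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine On
    SSLCertificateFile    /etc/ssl/certs/www.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key
    RewriteEngine On

    # Same mapping over HTTPS; management screens are served only from here.
    # The Zope root (Control_Panel, products) is not mapped by either host.
    RewriteRule ^/(.*)$ http://127.0.0.1:8080/VirtualHostBase/https/www.example.com:443/site/VirtualHostRoot/$1 [P,L]
</VirtualHost>
```

The redirect only covers URLs that follow the `manage*` naming convention, which is the limitation noted in the quoted text, and a client that sends credentials unprompted on a plain HTTP request still exposes them before the redirect is returned.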