[Zope] Secure database access
Toby Dickenson
tdickenson@geminidataloggers.com
Wed, 1 May 2002 11:01:01 +0100
On Wednesday 01 May 2002 6:23 am, Ing Soc wrote:
>> This scenario transfers unencrypted zope passwords
>> over your internal
>> network. Is this a problem? If yes you might be
>> better with a topology
>
>The internal network is trusted in this context, so
>not, it doesn't matter.
Yes, that is the key difference that makes your proposed topology secure.
> However, I would be surprised
>if the Oracle client software would transmit plaintext
>passwords. Surely not in this day and age!
I didnt mean the password that zope provides to oracle, but rather the
passwords that your users provide to zope (via apache). Yes, they are
plaintext.