[Zope] Security doubt

Ricardo Núñez rinunez@usb.ve
Fri, 6 Jun 2003 10:33:33 -0400


Hi,

How could I avoid sending a cleartext password through the net when I use a
http://....../manage? How and where should I configure what? I hope it'd be
possible...

I'm a RedHat 7.3, Apache 1.3., Zope FastCGI computer manager. Other things:

- Muuultiple apache virtual hosts
- We have a few https sites.
- Zope is recently installed, but we have decided to use it very seriously.
- People upload their files with FTP... A big security hole.
- With Zope we'd like to authenticate with an LDAP authentication server with
passwords in the old crypt encryption.

OK, I already know that there are Zope products to do the "LDAP part", that's
not an issue.

I notice that the "natural way" to manage Zope sites is through the '.../manage'
interface. I agree that it lets me use any computer all over the world and
that's perfect for me, but.... I have doubts about sending cleartext passwords
like FTP does.

Regards,

           Ing. Ricardo Núñez
           Webmaster of the DST
           Universidad Simón Bolívar
           E-Mail: rinunez@usb.ve