AW: [Zope] Security doubt
Germer, Carsten
carsten.germer@desy.de
Tue, 10 Jun 2003 11:00:23 +0200
> > How could I avoid sending a cleartext password through the
> net when I use a
> > http://....../manage? How and where should I configure
> what? I hope it'd be
> > possible...
You would need to set up an Apache-Zope configuration and by using "Cookie
Crumbler" and "SSLAbsoluteURL" you can actually force login over SSL.
I've done a short documentation about my setup that's unfortunately in
german. If you got someone at hand who can translate it it may help
http://www.dzug.org/SchreibMit/ZopeFaq/Virtual%20Hosting/Zope%2C%20Apache%20
als%20Chaching%20Proxy%20und%20sicheres%20Login
Otherwise, just dive into Apache and Zope with CokkieCrumbler and
SSLAbsoluteURL, did the trick for me :)
/Carsten