[Zope] ZMI access using URL other than manage
David Pratt
fairwinds at eastlink.ca
Fri Mar 25 07:30:05 EST 2005
Hi. I am working on a financial product and it appears to me that the
/manage login for Zope could be a potential problem if you are running
zope since your server is easily guessed and one can go to this url and
try passwords. Can someone suggest an alternative to this or some
modification to Zope that might make this less obvious. I best I can
think of would be to do a rewrite on the /manage url but I still need
manager access to zmi through the web. I plan on forcing ssl through
apache when making a connection on whatever URL is used to login. Any
ideas?
Regards,
David
More information about the Zope
mailing list