[Zope] ZMI access using URL other than manage
Dieter Maurer
dieter at handshake.de
Fri Mar 25 14:59:08 EST 2005
David Pratt wrote at 2005-3-25 08:30 -0400:
>I am working on a financial product and it appears to me that the
>/manage login for Zope could be a potential problem if you are running
>Zope since your server is easily guessed and one can go to this URL and
>try passwords. Can someone suggest an alternative to this or some
>modification to Zope that might make this less obvious?
You can use a "Post Authentication Hook" to perform
additional tests.
There are two competing proposals for such a hook
(one in the collector and one on my Zope page).
I doubt that any one has been integrated in the actual Zope code.
But it should not be difficult to apply a patch.
--
Dieter