[Zope] securing webdav
David Pratt
fairwinds at eastlink.ca
Fri Sep 23 23:29:31 EDT 2005
Hi Tino. Over HTTP is not the problem. It is more on normally https you
are rewriting your requests to port 443 with apache proxy and your
usual webdav server is port 1980 that is not secure.
I am in the same boat as David. I haven't got my webdav running
securely at this point either. The only thing I have heard about is
the running m2crypto with ZServerSSL but I have read mixed reviews so
have been reluctant to install it. Either way I am looking for
something also for securing webdav and ftp as well.
As far as sftp I know that Zope Corp has a product in CVS but I have
not heard whether it works or if anyone is using it. It relies on on
the deprecated Twisted 1.1.1 which is at least 2 or 3 years old. I
read earlier today of a product called scponly that could help but it
looks like it has had some history of vulnerability so not so sure
about this solution at this point either.
Regards,
David
On Friday, September 23, 2005, at 09:01 PM, Tino Wildenhain wrote:
> Am Freitag, den 23.09.2005, 16:08 -0700 schrieb David Bear:
>> I run zope in back of apache, and let apache handle tls/ssl.
>>
>> In all the searching on zope.org though I haven't found any documents
>> on how to let apache handle securing webdav for zope as well.
>>
>> Anyone see/written such?
>
> webdav works over http - yes, the same http your browser uses.
> Apache handles this fine. Nothing to do.
>
>
> _______________________________________________
> Zope maillist - Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
>
More information about the Zope
mailing list