[Zope] Re: htaccess with zope/plone ?

Andreas Pakulat apaku at gmx.de
Tue Feb 7 19:20:48 EST 2006


On 07.02.06 23:58:20, michael nt milne wrote:
> Also, just to say that I did a test on only letting authenticated and
> managers view the root page of the site over ssl. If you just cancelled the
> login box or closed it, the whole front page was displayed without any css
> but you could still get all the content.

Then you had the proper rights somehow.

> I've had this quite a bit before so that's why I'm looking into Apache
> authentication. I just don't think that Zope authentication is secure.

Authentication via .htpasswd uses the same HTTP method as the basic
login into Zope. It's not more or less secure than authenticating
directly with Zope.

Andreas

-- 
There is a 20% chance of tomorrow.


More information about the Zope mailing list