[Zope] Re: major problems placing authentication on an extranet
site-security flaw?
Chris Withers
chris at simplistix.co.uk
Sun Feb 12 09:27:00 EST 2006
michael nt milne wrote:
>
> Yes I think I like the HTML login page way to authenticate. It feels more
> usable. And I don't think I'll use an Apache login box at all. Most users
> will find it hard remembering one password and with cookie authentication
> over SSL you can go straight into the site. Brilliant.
Given your earlier paranoia about security, this a truly bizarre
paragraph; you're so worried about basic auth that you didn't want to
use it, and yet you're quite happy to have a cookie living on a user's
machine long term, and still leave port 8080 exposed?
wow...
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Zope
mailing list