[Zope] Re: major problems placing authentication on an extranet site-security flaw?
Chris Withers
chris at simplistix.co.uk
Tue Feb 14 04:26:49 EST 2006
michael nt milne wrote:
> Yes, I do realise that it's hard. Regarding the cookie comment that
> was the reason I wanted to use Apache <location> based login.

Huh? I'm sure some people would love to know how those two things relate
in your head...

> I do
> realise that leaving a logon cookie is insecure and that comment was
> perhaps misguided. I started to think about usability etc.

If you're lucky, you might get a system that's both insecure _and_
unusable ;-)

> I'm going to block 8080 at the router/firewall level as Zope obviously
> needs to keep serving through 8080 to Apache.

using iptables in the box is probably a better idea...

> As for the issue with IE6 and editing pages over SSL it all works fine
> in Firefox 1.5, so it's a browser issue which I just can't quite
> fathom just now.

I doubt it, my guess would still be that you're doing something wrong
somewhere...

Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk