[Zope] Re: major problems placing authentication on an extranet site-security flaw?
Igor Stroh
igor at rulim.de
Tue Feb 14 05:22:19 EST 2006
michael nt milne wrote:
> Yes, I do realise that it's hard. Regarding the cookie comment that
> was the reason I wanted to use Apache <location> based login. I do
> realise that leaving a logon cookie is insecure and that comment was
> perhaps misguided. I started to think about usability etc.
>
> I'm going to block 8080 at the router/firewall level as Zope obviously
> needs to keep serving through 8080 to Apache.
No need to do that, just configure your zope (etc/zope.conf) to
listen only on your loopback interface:
    <http-server>
      address 127.0.0.1:8080
    </http-server>
And btw, Zope doesn't *need* to serve on 8080...
HTH,
Igor
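
Added example, not part of the original message: a small check that reads a zope.conf and reports which server sections listen beyond the loopback interface, so the change suggested above can be verified on a host. The function names and the sample configuration are constructed for illustration; a port-only `address` is treated as exposed unless a top-level `ip-address` directive supplies a loopback default.

```python
import ipaddress
import re

# Constructed sample zope.conf (not from the original message).
SAMPLE_CONF = """\
<http-server>
  address 8080
</http-server>
<http-server>
  address 127.0.0.1:8081
</http-server>
<ftp-server>
  address 192.0.2.10:8021
</ftp-server>
"""

SECTION_RE = re.compile(r"<(?P<kind>[\w-]+-server)>(?P<body>.*?)</(?P=kind)>", re.S)
ADDRESS_RE = re.compile(r"^\s*address\s+(\S+)", re.M)
DEFAULT_IP_RE = re.compile(r"^\s*ip-address\s+(\S+)", re.M)


def is_loopback(host):
    """True only when the bind host is provably a loopback address."""
    if not host:
        return False  # no IP configured: Zope listens on every interface
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unresolved hostname: report it as exposed


def audit_listeners(conf_text):
    """Return (section, address, exposed) for each *-server section."""
    # Drop comment lines so commented-out directives are not matched.
    text = "\n".join(line for line in conf_text.splitlines()
                     if not line.lstrip().startswith("#"))
    # A top-level ip-address directive is the default for port-only addresses.
    default = DEFAULT_IP_RE.search(text)
    default_ip = default.group(1) if default else None
    findings = []
    for section in SECTION_RE.finditer(text):
        address = ADDRESS_RE.search(section.group("body"))
        if address is None:
            continue  # e.g. a section with no listener address
        value = address.group(1)
        host = value.rpartition(":")[0] or default_ip
        findings.append((section.group("kind"), value, not is_loopback(host)))
    return findings
```

Run `audit_listeners(open("etc/zope.conf").read())` and treat any tuple whose last element is `True` as a listener reachable without going through Apache.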