[Zope] Re: major problems placing authentication on an extranet site-security flaw?

michael nt milne michael.milne at gmail.com
Tue Feb 14 09:16:12 EST 2006


>>I am sure you know this, but since we have learned very little (or at
least I have - maybe I am not paying attention well enough :-):

>>Have you modified that rule to take advantage of the SSL -server?
Perhaps the SiteAccess rule is triggering adn trying to redirect you to
an address/port where there is no service listeing?

No I haven't modified anything apart from upgrading Apache, installing and
configuring SSL, doing VirtualHost rules and then locking down Plone using
the 'private site' documentation.

Why would Firefox 1.5.1 work perfectly and be able to edit pages and upload
images? As I've said I know of more issues with IE and posting attachments
through a private contact on this list. Doesn'ts seem like a coincidence to
me. At least you've learned that :-)




On 2/14/06, Dario Lopez-Kästen <dario at ita.chalmers.se> wrote:
>
> Alexander Limi said the following on 2006-02-14 14:05:
> >
> >
> > On Tue, 14 Feb 2006 04:59:07 -0800, Dario Lopez-Kästen
> > <dario-tTo+xxYJ+kmv1QaEFLkzfg at public.gmane.org> wrote:
> >
> >> *HOWEVER*, IIRC, plone, especially on windows (if installed with the
> >> windows installer) uses a trick, which is not documented at all, as
> >> far  as I know, uses a Site Access rule.
> >
> >
> > http://plone.org/documentation/faq/multiple-sites-installers
> >
> > What part is not documented at all? :)
> >
>
> ähh... woopsy-daisy! my mistake. Sorry! 8^)
>
> /dario - crawls back under a rock... ;)
>
> --
> -- -------------------------------------------------------------------
> Dario Lopez-Kästen, IT Systems & Services Chalmers University of Tech.
> Lyrics applied to programming & application design:
> "emancipate yourself from mental slavery" - redemption song, b. marley
>
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
>



--
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20060214/527edc85/attachment.htm


More information about the Zope mailing list