[Zope] Zope/Plone logon security strategy etc

michael nt milne michael.milne at gmail.com
Wed Feb 15 13:05:13 EST 2006


PS

I won't be using this with SSL obviously. Good to use it to secure login
areas where the other content doesn't require SSL.

On 2/15/06, michael nt milne <michael.milne at gmail.com> wrote:
>
> Hi Dieter
>
> I've installed DigestAuth. Just wondering if there are any set-up
> instructions at all?
>
> Thanks
>
> Michael
>
> On 1/26/06, Dieter Maurer <dieter at handshake.de> wrote:
> >
> > michael nt milne wrote at 2006-1-25 18:55 +0000:
> > >Yeah I know the security aspects are good once you are in, however
> > >when you login it's possible for someone to grab your logon name and
> > >pass as it goes over the internet, as there's no encryption at all.
> > >Then obviously login themselves and compromise your sites.
> >
> > You might be interested in my "DigestAuth" product.
> > It provides HTTP DigestAuthentication for Zope.
> >
> > Of course, HTTP authentication gives you less freedom than
> > other forms of authentication (as the browser does the login).
> > These other forms can be made safer by the use of "https".
> >
> >
> >
> > --
> > Dieter
> >
>
>
>
> --
> Michael




--
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20060215/ca7a2ffc/attachment.htm


More information about the Zope mailing list