[Zope] Zope/Plone logon security strategy etc

michael nt milne michael.milne at gmail.com
Wed Jan 25 12:17:22 EST 2006


Just a quick question about Zope/Plone logins and security etc. When I
go to www.domain.com:8080/manage I get a login box which seems to
function in exactly the same way as the www.domain.com:8080/login_form
page.

My question is, what was the rationale for implementing this logon
strategy in Zope as it obviously acts as authentication and
authorisation but falls down on confidentiality and data integrity?
Also would there be any plans at all in the future to make this logon
process authenticate, be confidential and have integrity? I know that
you can do it in Apache etc but for most people that's probably quite
a big step. Most people probably reckon that the appearance of the
logon box makes their site secure. I'm only talking about the logon
areas here, etc.

Thanks

Michael

