[Zope] Zope/Plone logon security strategy etc

Jens Vagelpohl jens at dataflake.org
Wed Jan 25 13:36:48 EST 2006


On 25 Jan 2006, at 17:17, michael nt milne wrote:

> Just a quick question about Zope/Plone logins and security etc. When I
> go to www.domain.com:8080/manage I get a login box which seems to
> function in exactly the same way as the www.domain.com:8080/login_form
> page.
>
> My question is, what was the rationale for implementing this logon
> strategy in Zope as it obviously acts as authentication and
> authorisation but falls down on confidentiality and data integrity?
> Also would there be any plans at all in the future to make this logon
> process authenticate, be confidential and have integrity? I know that
> you can do it in Apache etc but for most people that's probably quite
> a big step. Most people probably reckon that the appearance of the
> logon box makes their site secure. I'm only talking about the logon
> areas here, etc.

This login page is not a Zope login page, it is a Plone/CMF login
page. It does not reflect any architectural decisions on the Zope side.

jens


