[Zope] Zope/Plone logon security strategy etc

Jens Vagelpohl jens at dataflake.org
Wed Jan 25 14:10:47 EST 2006


On 25 Jan 2006, at 18:55, michael nt milne wrote:

> Hi
>
> Yeah I know the security aspects are good once you are in, however
> when you login it's possible for someone to grab your logon name and
> pass as it goes over the internet, as there's no encryption at all.
> Then obviously login themselves and compromise your sites.
>
> Just slightly concerned about this as I plan to have a few sites
> set-up on one server, with client logins and have to advise on
> security. I know that Apache SSL can help but it's a tricky extra step
> and I only need to secure the login areas at the moment, not encrypt a
> whole site.

You should read up on HTTP authentication and cookie authentication,  
I sense some severe knowledge gaps there...

jens



More information about the Zope mailing list