[Zope] Re: Zope/Plone logon security strategy etc
michael nt milne
michael.milne at gmail.com
Wed Jan 25 16:19:09 EST 2006
Cookie authentication can't be secure. Also, I have my doubts about
HTTP authentication. I'll check though. Basically you want really good
encryption on any logon and password etc.
On 1/25/06, Jens Vagelpohl <jens at dataflake.org> wrote:
>
> On 25 Jan 2006, at 18:55, michael nt milne wrote:
>
> > Hi
> >
> > Yeah I know the security aspects are good once you are in, however
> > when you login it's possible for someone to grab your logon name and
> > pass as it goes over the internet, as there's no encryption at all.
> > Then obviously login themselves and compromise your sites.
> >
> > Just slightly concerned about this as I plan to have a few sites
> > set-up on one server, with client logins and have to advise on
> > security. I know that Apache SSL can help but it's a tricky extra step
> > and I only need to secure the login areas at the moment, not encrypt a
> > whole site.
>
> You should read up on HTTP authentication and cookie authentication,
> I sense some severe knowledge gaps there...
>
> jens
>
> _______________________________________________
> Zope maillist - Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
>