[Zope] Re: Zope/Plone logon security strategy etc
Tino Wildenhain
tino at wildenhain.de
Thu Jan 26 01:47:20 EST 2006
michael nt milne schrieb:
> Yes I agree, having checked on basic http authentication I need SSL.
> Basic http and cookie auth is insecure. I just feel that zope should
> have this facility even with a self signed certificate, so that you
> could do it without Apache and had more options. The option to even
> just have it on for site logon would be good.
Yes you can do that. There are patches to use SSL directly w/ the
ZServer. But usually its by far not worth the trouble. Apache or
pound as frontend proxy are easy to setup and ease management
and load balancing.
More information about the Zope
mailing list