[Zope] Re: Zope/Plone logon security strategy etc
David
bluepaul at earthlink.net
Thu Jan 26 03:43:34 EST 2006
Tino Wildenhain wrote:
>michael nt milne schrieb:
>
>
>>Yes I agree, having checked on basic http authentication I need SSL.
>>Basic http and cookie auth is insecure. I just feel that zope should
>>have this facility even with a self signed certificate, so that you
>>could do it without Apache and had more options. The option to even
>>just have it on for site logon would be good.
>>
>>
>
>Yes you can do that. There are patches to use SSL directly w/ the
>ZServer. But usually its by far not worth the trouble. Apache or
>pound as frontend proxy are easy to setup and ease management
>and load balancing.
>_
>
>
Tino + 1
And heres a link to info re: ZopeSSL setup:
http://www.zope.org/Members/Ioan/ZopeSSL
I moved to Apache (for SSL) because its independent of Zope and it will
give you SSL and the power of a world class server when you need it.
ZopeSSL worked fine (when i last tried it, like zope 2.4x).
David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20060126/0aeabb64/attachment.htm
More information about the Zope
mailing list