[Zope] Zope/Plone logon security strategy etc

[Dieter Maurer]

michael nt milne wrote at 2006-1-25 18:55 +0000:
>Yeah I know the security aspects are good once you are in, however
>when you login it's possible for someone to grab your logon name and
>pass as it goes over the internet, as there's no encryption at all.
>Then obviously login themselves and compromise your sites.

You might be interested in my "DigestAuth" product.
It provides HTTP DigestAuthentication for Zope.

Of course, HTTP authentication gives you less freedom than
other forms of authentication (as the browser does the login).
These other forms can be made safer by the use of "https".



-- 
Dieter