[Zope] Basic Authentication SSL Redirector
Tino Wildenhain
tino at wildenhain.de
Fri Jun 23 07:36:11 EDT 2006
Josef Meile schrieb:
> Hi,
>
> After having started the thread about securing CookieCrumbler[1], I figured
> out that it was better to secure Basic Authentication instead. So, I just
Which is actually identically :-) Its just a different HTTP-Header
involved :-)
> created a new Product, called JMSSLBasicAuth[2], which is based on the
> CookieCrumbler Transversal Hook. Instead of Cookie Authentication, I will
> redirect insecure Basic Authentication requests to ssl.
You remember to stay in ssl once you switched?
> I have tested it and it seems to work. I'm planning to use it in production
> websites, so, I would really appreciate if you could give me some
> constructive feedback about the product (See reference [2]), ie: what can I
> improve, change, or add?
I'd think you could add the redirection support (which can indeed be usefull
and simplify configuration) in a way not disabling cookie-auth the same time.
(For example you cannot really log out with Basic Auth)
Regards
Tino Wildenhain
More information about the Zope
mailing list