<div><span class="q">> Yes, I do realise that it's hard. Regarding the cookie comment that<br>> was the reason I wanted to use Apache <location> based login.<br><br></span>>>Huh? I'm sure some people would love to know how those two things relate
<br>in your head...</div>
<div> </div>
<div>>>>I wanted to use an Apache served login box before the Zope/Plone site is served but I've decided against that now as authentication should be closely linked to the application. Also Apache <location> based authentication isn't cookie based. Now going with Zope/Plone auth over SSL alone with cookies set to expire.
<br><span class="q"><br>> I do<br>> realise that leaving a logon cookie is insecure and that comment was<br>> perhaps misguided. I started to think about usability etc.<br><br></span>>>If you're lucky, you might get a system that's both insecure _and_
<br>unusable ;-)</div>
<div> </div>
<div>>>>My aim is security with a good level of usability and I'll achieve that :-)<br><span></span><span class="q"><br>> I'm going to block 8080 at the router/firewall level as Zope obviously<br>> needs to keep serving through 8080 to Apache.
<br></span></div>
<div>>>using iptables in the box is probably a better idea...</div>
<div> </div>
<div>>>>thanks for the advice but I'll probably go with router level<br><span class="q"><br>> As for the issue with IE6 and editing pages over SSL it all works fine<br>> in Firefox 1.5, so it's a browser issue which I just can't quite
<br>> fathom just now.<br><br></span>>>I doubt it, my guess would still be that you're doing something wrong<br>somewhere...</div>
<div> </div>
<div>>>>Sorry but I don't agree on this one. I haven't altered any of the Plone 'edit page' functionality. It's out of the box. Works fine without SSL but on SSL trying to edit a page causes 'can't find server'. Firefox though works perfectly viewing and editing so it's a browser issue. I know of other people who have issues with IE and posting images over SSL. Must be something to do with POST security over IE. I'm going to take it up with them but don't expect too much of a response. I'm now about to try with Opera.
<br><br> </div>
<div><span class="gmail_quote">On 2/14/06, <b class="gmail_sendername">Igor Stroh</b> <<a href="mailto:igor@rulim.de">igor@rulim.de</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">michael nt milne wrote:<br>> Yes, I do realise that it's hard. Regarding the cookie comment that<br>> was the reason I wanted to use Apache <location> based login. I do
<br>> realise that leaving a logon cookie is insecure and that comment was<br>> perhaps misguided. I started to think about usability etc.<br>><br>> I'm going to block 8080 at the router/firewall level as Zope obviously
<br>> needs to keep serving through 8080 to Apache.<br><br>No need to do that, just configure your zope (etc/zope.conf) to<br>listen only on your loopback interface:<br><br><http-server><br>address <a href="http://127.0.0.1:8080">
127.0.0.1:8080</a><br></http-server><br><br>An btw, Zope doesn't *need* to serve on 8080...<br><br>HTH,<br>Igor<br>_______________________________________________<br>Zope maillist - <a href="mailto:Zope@zope.org">
Zope@zope.org</a><br><a href="http://mail.zope.org/mailman/listinfo/zope">http://mail.zope.org/mailman/listinfo/zope</a><br>** No cross posts or HTML encoding! **<br>(Related lists -<br><a href="http://mail.zope.org/mailman/listinfo/zope-announce">
http://mail.zope.org/mailman/listinfo/zope-announce</a><br><a href="http://mail.zope.org/mailman/listinfo/zope-dev">http://mail.zope.org/mailman/listinfo/zope-dev</a> )<br></blockquote></div><br><br clear="all"><br>-- <br>
Michael