[Zope-CMF] Basic Auth and SSL?

[alan runyan]

> Short of running the server or proxy server full time over SSL, it
> is possible or practical to run just the login screens and/or basic
> Auth over that port?

sure.

what you can do is subclass UrlTool to provide http and https url's.
then you can make sure that portal_url just returns http:// and you can
hardcode in your join/login_form a call to https://

this way the important parts are in 'https' and no matter what your calls
into portal_url are http.
you could obviously make this smarter.  but the trick is to subclass UrlTool
or let your application
handle this.

> For the most part I've been dealing with internal (inside the
> firewall) deployments, but I just received a request to expose
> information outside of the firewall as well. I've been doing
> research on all the sites, but nothing has popped out yet.

I use Apache/mod_proxy+SSL with ZOPE and let ZOPE suggest what url's to goto
next.
I dont subclass the URL tool, actually.  in my ecommerce app I just have a
method that will split up urls and
put them together using the right protocol.

> If anyone cares to wade in with their opinion or experience on SSL,
> authentication over SSL, and so on. I would appreciate it.

I would use Apache's SSL.

> BTW: is this a question for this list? If not which list would you
> suggest?

its more of a generic ZOPE question.  but thats ok ;)

~runyaga
p.s. the sooner you get comfortable with your own customized tools in CMF
the sooner you will grok how easy it is to change things
and make things more custom fit for your needs.  Python is so much fun; its
what makes ZOPE cool.