[Zope-CMF] Expiring inactive login sessions

Chris Withers lists at simplistix.co.uk
Mon Mar 8 07:09:39 EST 2004

Felix Ulrich-Oltean wrote:

> PS - are there any more secure login methods for Zope without HTTPS,
> rather than sending the password as a base64-encoded cookie?

Some may look more secure, but all you're really doing is protecting the 
password from being read. Any cookie-based sessioning without HTTPS exposes you 
to a degree of risk...

...but yes, with CookieCrumbler, that risk is higher than with other methods :-)
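
The difference between the two approaches, as an added example that is not part of the original message and is not CookieCrumbler's or Zope's code: a base64 credential cookie gives up the password itself, while a signed token hides the password but is still accepted from whoever presents the same bytes until it expires. The function names, the `user|expiry|mac` token layout, the server key and the 30-minute lifetime are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret known only to the server
SESSION_TTL = 1800                    # assumption: 30-minute token lifetime


def credential_cookie(user, password):
    """Cookie of the kind the question describes: base64 of the credentials."""
    return base64.b64encode(f"{user}:{password}".encode()).decode()


def password_visible_in(cookie):
    """What anyone who can read the cleartext request learns from that cookie."""
    return base64.b64decode(cookie).decode().partition(":")[2]


def issue_token(user, now=None):
    """Hypothetical alternative: signed 'user|expiry|mac' token, no password."""
    now = time.time() if now is None else now
    payload = f"{user}|{int(now) + SESSION_TTL}"
    mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


def verify_token(token, now=None):
    """Return the user name for a valid, unexpired token, else None."""
    now = time.time() if now is None else now
    try:
        payload, mac = token.rsplit("|", 1)
        user, expires = payload.rsplit("|", 1)
        good = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(good.encode(), mac.encode()):
            return None
        return user if int(expires) > now else None
    except ValueError:
        return None


if __name__ == "__main__":
    print(password_visible_in(credential_cookie("felix", "s3cret")))  # constructed
    captured = issue_token("felix")     # same bytes an observer would see
    print(verify_token(captured))       # still accepted when presented again
```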



