[Zope-dev] Client.py prevents ZScheduler with SSL? (was: Zope.org feedback)

[Loren Stafford]

Moving this to zope-dev and changing title...

From: "Jim Sanford" <jsanford@atinucleus.com>


> We have no http access to our site.
>
> It is a corporate Client Relationship Management, Job Tracking and Order
Processing, Production and Tracking system that is accessed
> from all over the world.
>
> I will send this to the list to see if any one else can provide help.
>
>
> From: Loren Stafford <lstaffor@dynalogic.com>

> >  From: "Jim Sanford" <jsanford@atinucleus.com>
> > URL: http://www.zope.org/Members/lstaffor
> > ZScheduler uses Client.py.
> >
> > Would it be correct to say that if my entire site is only accessible via
> SSL (https) that ZScheduler will not work?
>
> I hadn't thought about this before, so you probably know more about it
than
> I do. But given that the python lib that Client.py uses for http
> (httplib.py) doesn't support https, then you're right.
>
> Solutions?
>
> 1. Permit http traffic to your site if it comes fromt the same IP and is
for
> URLs that end in "/trigger". I suppose that IP spoofing makes this
something
> of a security hole. How bad?
>
> 2. Enhance either Client.py or httplib.py to support at least enough https
> to get the job done. I know nothing about this. Is it reasonably doable?
Is
> there a Zopista willing and able to do it?
>
> 3. ....?
>
> -- Loren