[Zope] Re: Zope.org feedback

[Jim Sanford]

We have no http access to our site.

It is a corporate Client Relationship Management, Job Tracking and Order Processing, Production and Tracking system that is accessed
from all over the world.

I will send this to the list to see if any one else can provide help.


----- Original Message -----
From: Loren Stafford <lstaffor@dynalogic.com>
To: Jim Sanford <jsanford@atinucleus.com>
Sent: Friday, July 28, 2000 5:14 PM
Subject: Re: Zope.org feedback




> URL: http://www.zope.org/Members/lstaffor
> ZScheduler uses Client.py.
>
> Would it be correct to say that if my entire site is only accessible via
SSL (https) that ZScheduler will not work?

I hadn't thought about this before, so you probably know more about it than
I do. But given that the python lib that Client.py uses for http
(httplib.py) doesn't support https, then you're right.

Solutions?

1. Permit http traffic to your site if it comes fromt the same IP and is for
URLs that end in "/trigger". I suppose that IP spoofing makes this something
of a security hole. How bad?

2. Enhance either Client.py or httplib.py to support at least enough https
to get the job done. I know nothing about this. Is it reasonably doable? Is
there a Zopista willing and able to do it?

3. ....?

-- Loren