[Zope] security

Ben Leslie benno@sesgroup.net
Sat, 18 Mar 2000 14:33:22 +1100


> > No.  You can authenticate yourself with such a client, but you must
> > still have a valid password.  You cannot just insert any old user id
> > into the Authentication header and expect Zope to believe you.  That
> > wouldn't exactly be very good security.
>  Thanks.  I would think then this password is succeptible to the same pitfalls
> as  sending clear text passwords over  the network which can be stolen. In

Yeah this is probably the best idea. Zope sits
quite nicely behind apache-ssl

Benno