[Zope] forcing manage requests to use SSL
Evan Simpson
evan@4-am.com
Sun, 11 Feb 2001 10:59:34 -0500
From: "Luke Tymowski" <luke@seeto.com>
> Is there a way to force Zope to use SSL when a user requests a manage
login?
Realize that "a manage login" isn't well defined, unless you're providing
the definition. *Any* request can require the "Manager" role, depending on
how permissions are set, and conversely you can allow access to "management"
URLs to people without "Manager" role.
What you probably need is a UserFolder that refuses to authenticate any of
its Users unless the access protocol is https. I'm sure that LoginManager
can be made to do this. You might also want to try writing an External
Method that removes the Basic Auth information from REQUEST if the protocol
is wrong, and use it as an Access Rule.
Cheers,
Evan @ digicool & 4-am