[Zope] Zope security management

Dario Lopez-Kästen dario@ita.chalmers.se
Fri, 23 Mar 2001 08:51:16 +0100


Mind you, this is not in Zope yet; I am working on making it so.

Here's how I do it in PLSQL:

Two steps:

1) the form action element calls the login method using https://

<form method="post" action="https://...../mts2.login">

This is not necessary however, you could still use

<form method="post" action="mts2.login">

because

2)

The login method checks to see if it is called from a valid port. This is the first statement in the method (or procedure as it is called in plsql-ish):



----- Original Message -----
From: "Bill Welch" <bill@carbonecho.com>
To: <zope@zope.org>
Sent: Thursday, March 22, 2001 8:16 PM
Subject: Re: [Zope] Zope security management


> Please share with us how you make sure that the login form can only be
> used over SSL.
>
> Bill.
>
> On Wed, 21 Mar 2001, Dario Lopez-Kästen wrote:
>
> > After we have established an SSL-connection, we use a forms based
> > login procedure, that sends, in cleartext but over an encrypted
> > ssl-connection, the username and password. We also make sure that the
> > login form can only be used over SSL.
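
The port check described in step 2, sketched in Python as an added example; it is not the poster's PL/SQL, which the message does not include. It assumes the server exposes CGI-style `SERVER_PORT` and `HTTPS` variables and that 443 is the TLS listener; all function and constant names are hypothetical.

```python
import hmac

# Assumption: the only TLS listener is on port 443.
TLS_PORTS = frozenset({"443"})


class InsecureTransport(Exception):
    """Raised when the login method is reached over a non-TLS listener."""


def require_tls(environ, tls_ports=TLS_PORTS):
    """Gate on variables set by the server, never on request headers.

    HTTP_* entries (e.g. HTTP_X_FORWARDED_PROTO) come from the client and
    are deliberately ignored here.
    """
    port = str(environ.get("SERVER_PORT", "")).strip()
    https = str(environ.get("HTTPS", "")).strip().lower()
    if port not in tls_ports:
        raise InsecureTransport(f"login refused on port {port or '?'}")
    if https not in ("on", "1"):
        raise InsecureTransport("login refused: listener is not TLS")


def login(environ, form, check_password):
    """Login handler whose first statement is the transport check."""
    try:
        require_tls(environ)
    except InsecureTransport:
        # A form posted over plain HTTP has already sent the password in
        # cleartext; refuse without evaluating it.
        return 403, "Login is only available over HTTPS."
    ok = check_password(form.get("username", ""), form.get("password", ""))
    return (200, "Welcome.") if ok else (401, "Login failed.")


# Constructed sample account, for demonstration only.
_SAMPLE = {"alice": "correct horse"}


def sample_check(user, password):
    expected = _SAMPLE.get(user, "")
    return bool(expected) and hmac.compare_digest(expected, password)


if __name__ == "__main__":
    form = {"username": "alice", "password": "correct horse"}
    print(login({"SERVER_PORT": "443", "HTTPS": "on"}, form, sample_check))
    print(login({"SERVER_PORT": "80"}, form, sample_check))
```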