[Zope] Zope and SSL

Thierry Florac Thierry.Florac@onf.fr
Mon, 25 Feb 2002 14:08:39 +0100


On 25.02.2002  -  12:27 seb bacon wrote:
> > The only potential problem could be with management pages which don't
> use
> > 'manage*' naming convention, but until now I didn't encoutered any one
> > with well written products...
> 
> FYI, I use a subdomain, like manage.foo.com, which enforces use of SSL
> on all pages within that domain.  However, it doesn't block people from
> trying to use manage_* methods, so they can always access them over the
> clear if they want to.

It's another solution, but that's exactly what I don't want : I don't want 
users to be able to send clear passwords across network to access their 
management pages...!!
Another reason is that I use virtual hosts and Apache rewrite rules, and 
my Zope server is protected by a firewall which have Zope real port (8080) 
closed, so managers can only access virtual hosts management screens, not 
the global Zope management screen handling products,... which can only be 
accessed from the local network.

Thierry