[Zope] Security doubt
Fri, 6 Jun 2003 10:33:33 -0400
How could I avoid sending a cleartext password through the net when I use a
http://....../manage? How and where should I configure what? I hope it'd be
I'm a RedHat 7.3, Apache 1.3., Zope FastCGI computer manager. Other things:
- Muuultiple apache virtual hosts
- We have a few https sites.
- Zope is recently installed, but we have decided to use it very seriously.
- People upload their files with FTP... A big security hole.
- With Zope we'd like to authenticate with a LDAP authentication server with
passwords in the old crypt encryption.
OK, I already know that there are Zope products to do the "LDAP part", that's
not an issue.
I notice that the "natural way" to manage Zope sites is through '.../manage'
interface. I agree that it lets me use any computer all over the world and
that's perfect for me, but.... I have doubt with sending cleartext passwords
like FTP does.
Ing. Ricardo N˙˝ez
Webmaster de la DST
Universidad Simˇn BolÝvar