AW: [Zope] Security doubt

Germer, Carsten carsten.germer@desy.de
Tue, 10 Jun 2003 11:00:23 +0200


> > How could I avoid sending a cleartext password through the 
> net when I use a
> > http://....../manage? How and where should I configure 
> what? I hope it'd be
> > possible...

You would need to set up an Apache-Zope configuration and by using "Cookie
Crumbler" and "SSLAbsoluteURL" you can actually force login over SSL.

I've done a short documentation about my setup that's unfortunately in
german. If you got someone at hand who can translate it it may help
http://www.dzug.org/SchreibMit/ZopeFaq/Virtual%20Hosting/Zope%2C%20Apache%20
als%20Chaching%20Proxy%20und%20sicheres%20Login

Otherwise, just dive into Apache and Zope with CokkieCrumbler and
SSLAbsoluteURL, did the trick for me :)

/Carsten