[Zope] Re: htaccess with zope/plone ?

michael nt milne michael.milne at gmail.com
Tue Feb 7 19:37:45 EST 2006


But if you've got Apache ssl as well then it's more secure.

The problem I've found is that you can't put this in the httpd.conf unless
it is wrapped in a <Directory></Directory> directive

AuthType Basic
AuthName "Members Only"
AuthUserFile /path/to/.htpasswd
require valid-user

And the virutual host doesn't have a directory. If I were to place this in
the zope root then I would password protect all the sites. I only wan't to
password protect one etc.

On 2/8/06, Andreas Pakulat <apaku at gmx.de> wrote:
>
> On 07.02.06 23:58:20, michael nt milne wrote:
> > Also, just to say that I did a test on only letting authenticated and
> > managers view the root page of the site over ssl. If you just cancelled
> the
> > login box or closed it, the whole front page was displayed without any
> css
> > but you could still get all the content.
>
> Then you had the proper rights somehow.
>
> > I've had this quite a bit before so that's why I'm looking into Apache
> > authentication. I just don't think that Zope authentication is secure.
>
> Authentication via .htpasswd uses the same HTTP method as the basic
> login into Zope. It's not more or less secure than authenticating
> directly with Zope.
>
> Andreas
>
> --
> There is a 20% chance of tomorrow.
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
>



--
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20060208/a55e53f0/attachment.htm


More information about the Zope mailing list