[Zope] Re: htaccess with zope/plone ?
michael nt milne
michael.milne at gmail.com
Thu Feb 9 14:26:59 EST 2006
Thanks for the help. I got some good Apache advice on the Plone list vis a
What I'd like to do is have Apache and Zope (roles, workflow) for extra
security over SSL. I'll re-visit the authentication issue with the help I've
On 2/9/06, michael nt milne <michael.milne at gmail.com> wrote:
> Thanks for the help. I got some good Apache advice on the Plone list vis a
> vis <location>
> What I'd like to do is have Apache and Zope (roles, workflow) for extra
> security over SSL. I'll re-visit the authentication issue with the help I've
> received in mind and re-check the documentation.
> On 2/9/06, Robert Boyd <robert.h.boyd at gmail.com> wrote:
> > On 2/7/06, michael nt milne <michael.milne at gmail.com> wrote:
> > > Also Zope doesn't do SSL well and all password - login is
> > > basically insecure!
> > If you mean that logins without SSL are basically insecure, ok. But
> > given your other posts, if you mean that Zope authentication is
> > somehow inherently insecure (other than non-SSL traffic being in the
> > clear), please consider that the problems you experienced with it
> > don't lead to that conclusion. I run secured Zope sites on Classified
> > networks, and wouldn't be able to if Zope security was as broken as
> > you make it out to be.
> > If you need Apache auth and then need Plone auth, and you have a
> > question about configuring Apache auth, then it's appropriate to ask
> > an Apache list. The Apache httpd docs are also very good.
> > _______________________________________________
> > Zope maillist - Zope at zope.org
> > http://mail.zope.org/mailman/listinfo/zope
> > ** No cross posts or HTML encoding! **
> > (Related lists -
> > http://mail.zope.org/mailman/listinfo/zope-announce
> > http://mail.zope.org/mailman/listinfo/zope-dev )
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Zope