[Zope] Re: major problems placing authentication on an extranet site-security flaw?

Chris Withers chris at simplistix.co.uk
Sun Feb 12 09:27:00 EST 2006

michael nt milne wrote:
> Yes I think I like the HTML login page way to authenticate. It feels more
> usable. And I don't think I'll use an Apache login box at all. Most users
> will find it hard remembering one password and with cookie authentication
> over SSL you can go straight into the site. Brilliant.

Given your earlier paranoia about security, this a truly bizarre 
paragraph; you're so worried about basic auth that you didn't want to 
use it, and yet you're quite happy to have a cookie living on a user's 
machine long term, and still leave port 8080 exposed?



Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk

More information about the Zope mailing list