[Zope] Re: major problems placing authentication on an extranet site-security flaw?

Chris Withers chris at simplistix.co.uk
Tue Feb 14 14:24:04 EST 2006

michael nt milne wrote:
> cookie based. Now going with Zope/Plone auth over SSL alone with cookies set
> to expire.

I hope you're making sure the "secure" bit is set on those cookies ;-)

>>>> My aim is security with a good level of usability and I'll achieve that
> :-)

Considering you can't even quote a response correctly, I somehow doubt 

>> I'm going to block 8080 at the router/firewall level as Zope obviously
>> needs to keep serving through 8080 to Apache.
>>> using iptables in the box is probably a better idea...
>>>> thanks for the advice but I'll probably go with router level

Fine, don't take our advice, but don't expect help either...

> works perfectly viewing and editing so it's a browser issue. I know of other
> people who have issues with IE and posting images over SSL. Must be
> something to do with POST security over IE. I'm going to take it up with
> them but don't expect too much of a response. I'm now about to try with
> Opera.

Sheesh, sorry, but I've come to the conclusion you're just trolling and 
so won't be wasting my time with any more of your posts...


Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk
