[Zope] Re: major problems placing authentication on an extranet
site-security flaw?
Chris Withers
chris at simplistix.co.uk
Tue Feb 14 14:24:04 EST 2006
michael nt milne wrote:
> cookie based. Now going with Zope/Plone auth over SSL alone with cookies set
> to expire.
I hope you're making sure the "secure" bit is set on those cookies ;-)
>>>> My aim is security with a good level of usability and I'll achieve that
> :-)
Considering you can't even quote a response correctly, I somehow doubt
that...
>> I'm going to block 8080 at the router/firewall level as Zope obviously
>> needs to keep serving through 8080 to Apache.
>>> using iptables in the box is probably a better idea...
>
>>>> thanks for the advice but I'll probably go with router level
Fine, don't take our advice, but don't expect help either...
> works perfectly viewing and editing so it's a browser issue. I know of other
> people who have issues with IE and posting images over SSL. Must be
> something to do with POST security over IE. I'm going to take it up with
> them but don't expect too much of a response. I'm now about to try with
> Opera.
Sheesh, sorry, but I've come to the conclusion you're just trolling and
so won't be wasting my time with any more of your posts...
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Zope
mailing list