[Zope] Zope/Plone logon security strategy etc
michael nt milne
michael.milne at gmail.com
Wed Feb 15 13:05:13 EST 2006
I won't be using this with SSL obviously. Good to use it to secure login
areas where the other content doesn't require SSL.
On 2/15/06, michael nt milne <michael.milne at gmail.com> wrote:
> Hi Dieter
> I've installed DigestAuth. Just wondering if there are any set-up
> instructions at all?
> On 1/26/06, Dieter Maurer <dieter at handshake.de> wrote:
> > michael nt milne wrote at 2006-1-25 18:55 +0000:
> > >Yeah I know the security aspects are good once you are in, however
> > >when you login it's possible for someone to grab your logon name and
> > >pass as it goes over the internet, as there's no encryption at all.
> > >Then obviously login themselves and compromise your sites.
> > You might be interested in my "DigestAuth" product.
> > It provides HTTP DigestAuthentication for Zope.
> > Of course, HTTP authentication gives you less freedom than
> > other forms of authentication (as the browser does the login).
> > These other forms can be made safer by the use of "https".
> > --
> > Dieter
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Zope