[Zope] browser security

Timothy Wilson wilson@visi.com
Tue, 4 Jan 2000 11:50:07 -0600 (CST)


Hi everyone,

Here's a quick security question. I'm using ZServer w/ Apache.

Someone pointed out to me today that it's possible to access a site like
this:

http://username:password@mysite.com/

and the user is logged in automatically. Apparently there are cracking
tools available that will attempt to guess passwords using this method
thereby gaining access to the system.

Is there any easy fix for this?

-Tim

--
Timothy Wilson       | "The faster you  |  Check out:
Henry Sibley H.S.    |  go, the shorter | http://slashdot.org/
W. St. Paul, MN, USA |  you are."       | http://linux.com/
wilson@visi.com      |       -Einstein  | http://www.mn-linux.org/