[Zope] Re: Zope/Plone logon security strategy etc

[Tino Wildenhain]

michael nt milne schrieb:
> Yes I agree, having checked on basic http authentication I need SSL.
> Basic http and cookie auth is insecure. I just feel that zope should
> have this facility even with a self signed certificate, so that you
> could do it without Apache and had more options. The option to even
> just have it on for site logon would be good.

Yes you can do that. There are patches to use SSL directly w/ the
ZServer. But usually its by far not worth the trouble. Apache or
pound as frontend proxy are easy to setup and ease management
and load balancing.