[Zope] Re: Zope/Plone logon security strategy etc

David bluepaul at earthlink.net
Thu Jan 26 03:43:34 EST 2006


Tino Wildenhain wrote:

>michael nt milne schrieb:
>  
>
>>Yes I agree, having checked on basic http authentication I need SSL.
>>Basic http and cookie auth is insecure. I just feel that zope should
>>have this facility even with a self signed certificate, so that you
>>could do it without Apache and had more options. The option to even
>>just have it on for site logon would be good.
>>    
>>
>
>Yes you can do that. There are patches to use SSL directly w/ the
>ZServer. But usually its by far not worth the trouble. Apache or
>pound as frontend proxy are easy to setup and ease management
>and load balancing.
>_
>  
>
Tino + 1

And heres a link to info re: ZopeSSL setup:

http://www.zope.org/Members/Ioan/ZopeSSL

I moved to Apache (for SSL) because its independent of Zope and  it will 
give you SSL and the power of a world class server when you need it. 
ZopeSSL worked fine (when i last tried it, like zope 2.4x).

David




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20060126/0aeabb64/attachment.htm


More information about the Zope mailing list