[Zope] Zope/Plone logon security strategy etc

Dieter Maurer dieter at handshake.de
Thu Jan 26 13:15:08 EST 2006


michael nt milne wrote at 2006-1-25 18:55 +0000:
>Yeah I know the security aspects are good once you are in, however
>when you login it's possible for someone to grab your logon name and
>pass as it goes over the internet, as there's no encryption at all.
>Then obviously login themselves and compromise your sites.

You might be interested in my "DigestAuth" product.
It provides HTTP DigestAuthentication for Zope.

Of course, HTTP authentication gives you less freedom than
other forms of authentication (as the browser does the login).
These other forms can be made safer by the use of "https".



-- 
Dieter


More information about the Zope mailing list