[Zope] Re: Basic Authentication SSL Redirector

Josef Meile jmeile at hotmail.com
Fri Jun 23 08:58:49 EDT 2006


>> Yes, but you won't send your credentials in plane text as you do with 
>> CookieCrumble, will you?
> 
> Well, its more or less exactly the same as with BasicAuth :-)
> (base64 plaintext vs. plaintext in html forms does not really matter)
Yes, but if you set only the authentication header in https and manually 
came back to http, then will you send your password in plain text?

>> ----------------------------------------------------------
>> https://some_url/folder1/index_html
>>
>> GET /folder1/index_html HTTP/1.1
>> Host: some_ip
>> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) 
>> Gecko/20060508 Firefox/1.5.0.4
>> Accept: 
>> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 
>>
>> Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
>> Accept-Encoding: gzip,deflate
>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 300
>> Connection: keep-alive
>> Authorization: Basic YWRtaW46Zm9vcGFzcw==
>>
>> HTTP/1.x 200 OK
>> Date: Fri, 23 Jun 2006 12:02:34 GMT
>> Server: Zope/(Zope 2.7.8-final, python 2.3.5, linux2) ZServer/1.1
>> Content-Length: 156
>> Content-Type: text/html
>> X-Zopeuser: admin
>> Keep-Alive: timeout=5, max=100
>> Connection: Keep-Alive
>> ----------------------------------------------------------
> 
> nice password btw ;)
Yes, a test password off course ;-). Will this being sent encrypted?



More information about the Zope mailing list