Re: [Zope] Zope/Plone logon security strategy etc

2006-02-28 Thread Dieter Maurer
michael nt milne wrote at 2006-2-28 15:51 +: I'm probably missing something really obvious but am wondering how you actually implement your product on a live plone site. I've got it installed. Do you just customise the login form that comes with the product and use that on the site? I fear

Re: [Zope] Zope/Plone logon security strategy etc

2006-02-15 Thread michael nt milne
Hi DieterI've installed DigestAuth. Just wondering if there are any set-up instructions at all?ThanksMichaelOn 1/26/06, Dieter Maurer [EMAIL PROTECTED] wrote:michael nt milne wrote at 2006-1-25 18:55 +: Yeah I know the security aspects are good once you are in, howeverwhen you login it's

Re: [Zope] Zope/Plone logon security strategy etc

2006-02-15 Thread michael nt milne
PSI won't be using this with SSL obviously. Good to use it to secure login areas where the other content doesn't require SSL.On 2/15/06, michael nt milne [EMAIL PROTECTED] wrote: Hi DieterI've installed DigestAuth. Just wondering if there are any set-up instructions at all?ThanksMichaelOn

Re: [Zope] Zope/Plone logon security strategy etc

2006-01-26 Thread Dieter Maurer
michael nt milne wrote at 2006-1-25 18:55 +: Yeah I know the security aspects are good once you are in, however when you login it's possible for someone to grab your logon name and pass as it goes over the internet, as there's no encryption at all. Then obviously login themselves and

Re: [Zope] Zope/Plone logon security strategy etc

2006-01-25 Thread Tino Wildenhain
michael nt milne schrieb: Just a quick question about Zope/Plone logins and security etc. When I go to www.domain.com:8080/manage I get a login box which seems to function in exactly the same way as the www.domain.com:8080/login_form page. My question is, what was the rational for

Re: [Zope] Zope/Plone logon security strategy etc

2006-01-25 Thread Jens Vagelpohl
On 25 Jan 2006, at 17:17, michael nt milne wrote: Just a quick question about Zope/Plone logins and security etc. When I go to www.domain.com:8080/manage I get a login box which seems to function in exactly the same way as the www.domain.com:8080/login_form page. My question is, what was the

Re: [Zope] Zope/Plone logon security strategy etc

2006-01-25 Thread michael nt milne
Hi Yeah I know the security aspects are good once you are in, however when you login it's possible for someone to grab your logon name and pass as it goes over the internet, as there's no encryption at all. Then obviously login themselves and compromise your sites. Just slightly concerned about

Re: [Zope] Zope/Plone logon security strategy etc

2006-01-25 Thread Jens Vagelpohl
On 25 Jan 2006, at 18:55, michael nt milne wrote: Hi Yeah I know the security aspects are good once you are in, however when you login it's possible for someone to grab your logon name and pass as it goes over the internet, as there's no encryption at all. Then obviously login themselves and