-Original Message-
From: Joseph Thomas (s)
Sent: Wednesday, March 04, 2009 10:50 AM
To: 'li...@zopyx.com'
Subject: RE: [Zope] sending a encrypted login URL
I think I get what you're suggesting, but let me clarify.
I actually wanted the sensitive portions of URL to be encrypted..because it
will be link on a page that says login to zope..but I wouldn't want the user
or a snooper to be able to view the page source and figure out the URL pattern
and the username/password.
SSL will ensure that the transport between the browser and the zope server will
be encrypted using PKI, but I really want to obfuscate the user name and
password parameters in the login URL. So that that if some1 where to view the
source they'd see garbled username/password parameters.
I suppose I could use the PKI to encrypt the username/password with my zope
server's public key (but is there a API to do this on a J2EE container) and
then have my zope server decrypt using its private key (but how would zope know
that the username/password parameters are 2 be treated as encrypted data)?
-Original Message-
From: Andreas Jung [mailto:li...@zopyx.com]
Sent: Wednesday, March 04, 2009 10:38 AM
To: Joseph Thomas (s)
Cc: zope@zope.org
Subject: Re: [Zope] sending a encrypted login URL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Use SSL and you're done.
- -aj
On 04.03.2009 17:29 Uhr, Joseph Thomas (s) wrote:
We'd like to construct a zope login URL of the form on another server:
http://zope.domain:port/context/logged_in?__ac_name=uzz__ac_password=xxxsubmit=Log+in
http://zope.domain:port/context/logged_in?__ac_name=uzz__ac_password=xxxsubmit=Log+in
where the ac_name and ac_password parameters are encrypted using zope
public key (?) and have the parameters decrypted when zope receives the
request and login the user.
Is there an API or some way to encrypt the username and password on the
3^rd party app server and configure zope so that it treats the
parameters as encrypted values rather than plaintext?
Joseph Thomas
College of American Pathologists
http://www.cap.org http://www.cap.org/
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
- --
ZOPYX Ltd. Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany
Web: www.zopyx.com - Email: i...@zopyx.com - Phone +49 - 7071 - 793376
Registergericht: Amtsgericht Stuttgart, Handelsregister A 381535
Geschäftsführer/Gesellschafter: ZOPYX Limited, Birmingham, UK
-
E-Publishing, Python, Zope Plone development, Consulting
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkmurnAACgkQCJIWIbr9KYylKQCgn3WWP5SzGrrAQbJIQXv7Bfac
3fwAoIiI4iwtVBFVRg7jtZu5Vgy5fw3f
=MHol
-END PGP SIGNATURE-
Consider our environment; please print this e-mail only if truly
necessary. Thank you!
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )