Philipp von Weitershausen wrote:
True, it's not the nicest solution. But you could make it safer by first
stripping the according request variable from the QUERY_STRING.
mod_rewrite is quite powerful in that respect.
Is it just me, or should a deep feeling of uneasiness accompany the
On Tue, Nov 15, 2005 at 11:02:06AM +, Chris Withers wrote:
| Philipp von Weitershausen wrote:
| True, it's not the nicest solution. But you could make it safer by first
| stripping the according request variable from the QUERY_STRING.
| mod_rewrite is quite powerful in that respect.
|
| Is it
Simon Hang wrote:
Dear all,
I'm trying to use apache as zope3's frontend, and do NTLM authentication
as well.
Well, traditionally it's been part of Zope's responsibility to do
credentials extraction and user authentication. That doesn't mean it
couldn't be done by the webserver in front of
Philipp von Weitershausen wrote:
Simon Hang wrote:
Dear all,
I'm trying to use apache as zope3's frontend, and do NTLM authentication
as well.
Well, traditionally it's been part of Zope's responsibility to do
credentials extraction and user authentication. That doesn't mean it
couldn't be
Florent Guillaume wrote:
Well, Zope 3 doesn't care that Apache has authenticated your user. It
doesn't see that. If you want the Zope 3 security system to interact
with Apache's, here's a suggestion (not sure if it'll actually work):
- Have Apache forward the REMOTE_USER CGI env variable,
Simon Hang wrote:
Thanks for the help.
I feel not comfortable to put the username in URL. User may be able to
bypass the authentication and direct access zope with username in URL.
True, it's not the nicest solution. But you could make it safer by first
stripping the according request
just as a followup, Benji helped me fix the rewrite issue I was having
before. If anyone else comes across the same issue, a workaround is
to do the following:
VirtualHost *:80
ServerAdmin [EMAIL PROTECTED]
ErrorLog logs/fcwkstn.thig.com-error_log
CustomLog