[Zope] Re: ANNOUNCE: Zope Foundation is incorporated!

2006-03-29 Thread Maik Ihde
Rob Page zope.com> writes: > > At long last the Zope Foundation is incorporated! Great News :) Is there going to be an official Press release about this? I haven't found anything on zope.org or zope.com yet. Jan-Ulrich and myself would be happy to promote this great news in the German speaki

Re: [Zope] verbose-security

2006-03-29 Thread Jeremy Cook
Thanks for answering, however I think that the problem is simply that verbose-security is not working. I have a new install of Zope 2.8.6, I make a folder, I make index_html, I change the security on this so that it can only be read by manager. I go to error log and allow 'Unauthorized' to be logge

Re: [Zope] SSL over Multiple Zope/Plone sites?

2006-03-29 Thread Vlada Macek
michael nt milne wrote: > I'd like to implement SSL on the site login etc, as it's not secure > without this. There's also one site I'd like to serve completely over > https. However, I'm told that you can't run SSL on virtual hosts and > can only have one SSL site per IP address. To vary either

[Zope] Re: verbose-security

2006-03-29 Thread Tres Seaver
Jeremy Cook wrote: > Thanks for answering, however I think that the problem is simply that > verbose-security is not working. I have a new install of zope 2.8.6, I > make a folder, I make index_html, I change the security on this so that > it can only

[Zope] Problem with ExtFile

2006-03-29 Thread Bruno Grampa
Hello, I've a problem with ExtFile 1.4.4 installed in a Zope 2.8.6 (on RHES4). The redirection, at the end of file creation doesn't work. To test the problem you have to create these methods: The first one is called 'form': --- name="form1"> Insert Id File --- The second one is called

[Zope] Virtual hosting changes

2006-03-29 Thread Terry Hancock
I've been for some time using a "hacked" version of virtual host monster that was maintained by my hosting company, and I've just moved to a new hosting service with just the "stock" version. My impression was that the hack was mostly cosmetic (just sweetened the interface a little by giving yo

Re: [Zope] unicode error in standard ZPT form

2006-03-29 Thread MIlos Prudek
On Tuesday 28 of March 2006 23:48, MIlos Prudek wrote: > I have a typical ZPT form that redisplays entered data if invalid data is > entered: > > > > Unfortunately it throws a Unicode exception if a Czech accented character > is entered. Such as "s" with a hacek. Or "c" with a hacek. Possibly appl

[Zope] Question about Zope and security

2006-03-29 Thread Cyrille Bonnet
Hi there, I have been telling all my clients about how great Zope is for security: fine-grained permissions, security framework, roles, etc. Now, one of my clients has a security expert who took a close look at how Zope authenticates users. The results were not good. The main problem is tha

Re: [Zope] Question about Zope and security

2006-03-29 Thread Terry Hancock
Cyrille Bonnet wrote: The main problem is that Zope stores the username and password in a cookie in clear text (base64 encoded). Even though it only happens in their internal network, my client wasn't too happy, because it makes them vulnerable to a man-in-the-middle attack. I know, the od

[Zope] Re: Question about Zope and security

2006-03-29 Thread Cyrille Bonnet
Hi Terry, thanks for your comment. Stock Zope doesn't use cookie authentication, so you're actually talking about an alternate user folder product (which you don't specify and I don't know that many of them, so I can't really comment much -- except that SimpleUserFolder with CookieCrumbler wi

Re: [Zope] Re: Question about Zope and security

2006-03-29 Thread David H
Cyrille Bonnet wrote: Hi Terry, thanks for your comment. Stock Zope doesn't use cookie authentication, so you're actually talking about an alternate user folder product (which you don't specify and I don't know that many of them, so I can't really comment much -- except that SimpleUserFolde

[Zope] Re: Question about Zope and security

2006-03-29 Thread George Lee
> > I'd rather encrypt passwords with a hash and reset the password if the > > users have lost it. Is it possible to do that in Zope? Isn't there an option in GRUF to encrypt passwords? Although I don't think that affects the user's sending of passwords over the Web. Peace, George

Re: [Zope] Question about Zope and security

2006-03-29 Thread Tino Wildenhain
Cyrille Bonnet wrote: > Hi there, > > I have been telling all my clients about how great Zope is for security: > fine-grained permissions, security framework, roles, etc. > > Now, one of my clients has a security expert who took a close look at > how Zope authenticates users. The results were not

Re: [Zope] Re: Question about Zope and security

2006-03-29 Thread Tino Wildenhain
Cyrille Bonnet wrote: > Hi Terry, ... > Sorry, I wasn't even aware that Zope stores the passwords in plain text. > My primary concern (for the moment) is passwords in plain text in the > request. No it does not. The default userfolder stores passwords hashed. Regards Tino

Re: [Zope] Question about Zope and security

2006-03-29 Thread Lennart Regebro
On 3/30/06, Cyrille Bonnet <[EMAIL PROTECTED]> wrote: > The main problem is that Zope stores the username and password in a > cookie in clear text (base64 encoded). As mentioned before, Zope doesn't, but CookieCrumbler (and hence Plone) does. And, the security expert is not much of a security expe