A comment to the paragraph below was recently added via
http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Security.stx#2-27
---------------
If you're worried about someone "snooping" your username/password
combinations, or you wish to manage your Zope site ultra-securely,
you should manage your Zope site via an SSL (Secured Sockets
Layer) connection. The easiest way to do this is to use Apache or
another webserver which comes with SSL support and put it "in
front" of Zope. Some (minimalistic) information about setting up
Zope behind an SSL server is available at "Unfo's member page on
Zope.org":http://www.zope.org/Members/unfo/apache_zserver_ssl, on
"Zopelabs.com":http://www.zopelabs.com/cookbook/1028143332 . The
chapter of this book entitled "Virtual Hosting":VirtualHosting.stx
also provides some background that may be helpful to set up an SSL
server in front of Zope.
% Anonymous User - Nov. 12, 2004 4:34 pm:
What about ZServerSSL
% Anonymous User - Oct. 10, 2005 9:18 pm:
Unfo's page is rather old. I'd expect using mod_rewrite for that now
instead. Ideally I would like to know
how to configure a Zope Virtual host such that ordinary HTTP is used
unless HTTP authorization is required,
in which case SSL is automatically activated. I have tried several
approaches with mod_rewrite but so far
with no success.
_______________________________________________
ZDP maillist - [email protected]
http://mail.zope.org/mailman/listinfo/zdp
