A comment to the paragraph below was recently added via 
http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Security.stx#2-27

---------------

    If you're worried about someone "snooping" your username/password
    combinations, or you wish to manage your Zope site ultra-securely,
    you should manage your Zope site via an SSL (Secured Sockets
    Layer) connection.  The easiest way to do this is to use Apache or
    another webserver which comes with SSL support and put it "in
    front" of Zope.  Some (minimalistic) information about setting up
    Zope behind an SSL server is available at "Unfo's member page on
    Zope.org":http://www.zope.org/Members/unfo/apache_zserver_ssl, on
    "Zopelabs.com":http://www.zopelabs.com/cookbook/1028143332 .  The
    chapter of this book entitled "Virtual Hosting":VirtualHosting.stx
    also provides some background that may be helpful to set up an SSL
    server in front of Zope.

      % Anonymous User - Nov. 12, 2004 4:34 pm:
       What about ZServerSSL

      % Anonymous User - Oct. 10, 2005 9:18 pm:
       Unfo's page is rather old. I'd expect using mod_rewrite for that now 
instead. Ideally I would like to know
       how to configure a Zope Virtual host such that ordinary HTTP is used 
unless HTTP authorization is required,
       in which case SSL is automatically activated. I have tried several 
approaches with mod_rewrite but so far
       with no success.
_______________________________________________
ZDP maillist  -  ZDP@zope.org
http://mail.zope.org/mailman/listinfo/zdp

Reply via email to