Oliver Bleutgen wrote at 2003-1-16 15:42 +0100:
 > One thing that bothers me is that I cannot reliably (as in "in a generic 
 > way which always works") prevent users from sending their authentication 
 > unencrypted.
 > The only ideas I have to tackle this without modifying zope itself are
 > - customize all pages which need authentication to check for "https://"; 
 > in one of the relevant REQUEST attributes and do a redirect if not.
 > - use apache with some magic to trigger redirection if it encounters 
 > authentication headers in the request.
 > - use apache with some rewrite magic trigger redirection when a 
 > substring like "manage" is found in the request.
You might use a "SiteAccess" access rule.


Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to