On 25 Jan 2006, at 18:55, michael nt milne wrote:


Yeah I know the security aspects are good once you are in, however
when you login it's possible for someone to grab your logon name and
pass as it goes over the internet, as there's no encryption at all.
Then obviously login themselves and compromise your sites.

Just slightly concerned about this as I plan to have a few sites
set-up on one server, with client logins and have to advise on
security. I know that Apache SSL can help but it's a tricky extra step
and I only need to secure the login areas at the moment, not encrypt a
whole site.

You should read up on HTTP authentication and cookie authentication, I sense some severe knowledge gaps there...


Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to