Cookie authentication can't be secure. Also I have my doubts about
http authentication. I'll check though. Basicallx you want really good
encryption on any logon and password etc.

On 1/25/06, Jens Vagelpohl <[EMAIL PROTECTED]> wrote:
>
> On 25 Jan 2006, at 18:55, michael nt milne wrote:
>
> > Hi
> >
> > Yeah I know the security aspects are good once you are in, however
> > when you login it's possible for someone to grab your logon name and
> > pass as it goes over the internet, as there's no encryption at all.
> > Then obviously login themselves and compromise your sites.
> >
> > Just slightly concerned about this as I plan to have a few sites
> > set-up on one server, with client logins and have to advise on
> > security. I know that Apache SSL can help but it's a tricky extra step
> > and I only need to secure the login areas at the moment, not encrypt a
> > whole site.
>
> You should read up on HTTP authentication and cookie authentication,
> I sense some severe knowledge gaps there...
>
> jens
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )
>
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to