Cookie authentication can't be secure. Also I have my doubts about http authentication. I'll check though. Basicallx you want really good encryption on any logon and password etc.
On 1/25/06, Jens Vagelpohl <[EMAIL PROTECTED]> wrote: > > On 25 Jan 2006, at 18:55, michael nt milne wrote: > > > Hi > > > > Yeah I know the security aspects are good once you are in, however > > when you login it's possible for someone to grab your logon name and > > pass as it goes over the internet, as there's no encryption at all. > > Then obviously login themselves and compromise your sites. > > > > Just slightly concerned about this as I plan to have a few sites > > set-up on one server, with client logins and have to advise on > > security. I know that Apache SSL can help but it's a tricky extra step > > and I only need to secure the login areas at the moment, not encrypt a > > whole site. > > You should read up on HTTP authentication and cookie authentication, > I sense some severe knowledge gaps there... > > jens > > _______________________________________________ > Zope maillist - Zope@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) > _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )