Cookie authentication can't be secure. Also I have my doubts about
http authentication. I'll check though. Basicallx you want really good
encryption on any logon and password etc.
On 1/25/06, Jens Vagelpohl <[EMAIL PROTECTED]> wrote:
> On 25 Jan 2006, at 18:55, michael nt milne wrote:
> > Hi
> > Yeah I know the security aspects are good once you are in, however
> > when you login it's possible for someone to grab your logon name and
> > pass as it goes over the internet, as there's no encryption at all.
> > Then obviously login themselves and compromise your sites.
> > Just slightly concerned about this as I plan to have a few sites
> > set-up on one server, with client logins and have to advise on
> > security. I know that Apache SSL can help but it's a tricky extra step
> > and I only need to secure the login areas at the moment, not encrypt a
> > whole site.
> You should read up on HTTP authentication and cookie authentication,
> I sense some severe knowledge gaps there...
> Zope maillist - Zope@zope.org
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-dev )
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -