michael nt milne wrote at 2006-1-25 18:55 +0000: >Yeah I know the security aspects are good once you are in, however >when you login it's possible for someone to grab your logon name and >pass as it goes over the internet, as there's no encryption at all. >Then obviously login themselves and compromise your sites.
You might be interested in my "DigestAuth" product. It provides HTTP DigestAuthentication for Zope. Of course, HTTP authentication gives you less freedom than other forms of authentication (as the browser does the login). These other forms can be made safer by the use of "https". -- Dieter _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )