On 07.02.06 23:58:20, michael nt milne wrote:
> Also, just to say that I did a test on only letting authenticated and
> managers view the root page of the site over ssl. If you just cancelled the
> login box or closed it, the whole front page was displayed without any css
> but you could still get all the content.

Then you had the proper rights somehow.

> I've had this quite a bit before so that's why I'm looking into Apache
> authentication. I just don't think that Zope authentication is secure.

Authentication via .htpasswd uses the same HTTP method as the basic
login into Zope. It's not more or less secure than authenticating
directly with Zope.


There is a 20% chance of tomorrow.
Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to