But if you've got Apache SSL as well then it's more secure.

The problem I've found is that you can't put this in the httpd.conf unless it is wrapped in a <Directory></Directory> directive.

AuthType Basic
AuthName "Members Only"
AuthUserFile /path/to/.htpasswd
require valid-user

And the virtual host doesn't have a directory. If I were to place this in the zope root then I would password protect all the sites. I only want to password protect one etc.

On 2/8/06, Andreas Pakulat <[EMAIL PROTECTED]> wrote:
On 07.02.06 23:58:20, michael nt milne wrote:
> Also, just to say that I did a test on only letting authenticated and
> managers view the root page of the site over ssl. If you just cancelled the
> login box or closed it, the whole front page was displayed without any css
> but you could still get all the content.

Then you had the proper rights somehow.

> I've had this quite a bit before so that's why I'm looking into Apache
> authentication. I just don't think that Zope authentication is secure.

Authentication via .htpasswd uses the same HTTP method as the basic
login into Zope. It's not more or less secure than authenticating
directly with Zope.

Andreas

--
There is a 20% chance of tomorrow.
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )



--
Michael
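
The point made in the reply above, that .htpasswd authentication and the Zope basic login use the same HTTP Basic method, and the point that SSL is what adds protection, shown as an added example that is not part of either message. The user name, password and function names are constructed for illustration, and the `{SHA}` htpasswd format is used only because it can be computed with the standard library.

```python
import base64
import hashlib
import hmac


def parse_basic_header(value):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def htpasswd_sha_entry(user, password):
    """Build an htpasswd '{SHA}' line: base64 of the unsalted SHA-1 digest."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode('ascii')}"


def check_htpasswd(line, user, password):
    """Server-side check of decoded credentials against one htpasswd line."""
    name, _, stored = line.strip().partition(":")
    expected = htpasswd_sha_entry(user, password).partition(":")[2]
    return name == user and hmac.compare_digest(stored, expected)


def recoverable_on_wire(header_value, url_scheme):
    """True when anyone who can read the request can recover the password."""
    return url_scheme.lower() != "https" and parse_basic_header(header_value) is not None


# Constructed sample values, not taken from the thread.
SAMPLE_USER, SAMPLE_PASSWORD = "member", "example-password"
SAMPLE_HEADER = "Basic " + base64.b64encode(
    f"{SAMPLE_USER}:{SAMPLE_PASSWORD}".encode("utf-8")).decode("ascii")
SAMPLE_HTPASSWD_LINE = htpasswd_sha_entry(SAMPLE_USER, SAMPLE_PASSWORD)

if __name__ == "__main__":
    # The header is only base64, so it decodes without any secret.
    print("decoded from header:", parse_basic_header(SAMPLE_HEADER))
    print("htpasswd check:", check_htpasswd(SAMPLE_HTPASSWD_LINE, *parse_basic_header(SAMPLE_HEADER)))
    for scheme in ("http", "https"):
        print(scheme, "password recoverable on wire:", recoverable_on_wire(SAMPLE_HEADER, scheme))
```

The request header is identical whichever backend verifies it; only the transport (plain HTTP versus SSL) changes whether an observer can read it.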