On 2/7/06, michael nt milne <[EMAIL PROTECTED]> wrote:
> Also Zope doesn't do SSL well and all password - login is
> basically insecure!

If you mean that logins without SSL are basically insecure, ok. But
given your other posts, if you mean that Zope authentication is
somehow inherently insecure (other than non-SSL traffic being in the
clear), please consider that the problems you experienced with it
don't lead to that conclusion. I run secured Zope sites on Classified
networks, and wouldn't be able to if Zope security was as broken as
you make it out to be.

If you need Apache auth and then need Plone auth, and you have a
question about configuring Apache auth, then it's appropriate to ask
an Apache list. The Apache httpd docs are also very good.
Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to