Thanks for the help. I got some good Apache advice on the Plone list vis a
vis <location>

What I'd like to do is have Apache and Zope (roles, workflow) for extra
security over SSL. I'll re-visit the authentication issue with the help I've received.

On 2/9/06, michael nt milne <[EMAIL PROTECTED]> wrote:
Thanks for the help. I got some good Apache advice on the Plone list vis a vis <location>

What I'd like to do is have Apache and Zope (roles, workflow) for extra security over SSL. I'll re-visit the authentication issue with the help I've received in mind and re-check the documentation.

On 2/9/06, Robert Boyd < [EMAIL PROTECTED]> wrote:
On 2/7/06, michael nt milne <[EMAIL PROTECTED]> wrote:
> Also Zope doesn't do SSL well and all password - login is
> basically insecure!

If you mean that logins without SSL are basically insecure, ok. But
given your other posts, if you mean that Zope authentication is
somehow inherently insecure (other than non-SSL traffic being in the
clear), please consider that the problems you experienced with it
don't lead to that conclusion. I run secured Zope sites on Classified
networks, and wouldn't be able to if Zope security was as broken as
you make it out to be.

If you need Apache auth and then need Plone auth, and you have a
question about configuring Apache auth, then it's appropriate to ask
an Apache list. The Apache httpd docs are also very good.

_______________________________________________
Zope maillist  -   Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )





--
Michael



--
Michael
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to