Hi Phil
 
I've implemented what's outlined in the make private site documentation and it works fine on Plone 2.1.1. No content is available apart from the site-map page (doesn't list content) and the contact form but I can figure that out separately.
 
Yes I think I like the HTML login page way to authenticate. It feels more usable. And I don't think I'll use an Apache login box at all. Most users will find it hard remembering one password and with cookie authentication over SSL you can go straight into the site. Brilliant.
 
I'm revisting some of the points made in this thread though about security. It does seem that Zope and Plone as you say, are at odds on this.
 
Thanks alot for your help and words of advice. I still seem to have an issue where editing a page in IE over SSL produces a 'can't find server' but it's a browser issue as this works fine on the latest Firefox.
 
Michael

 
On 2/11/06, Philip Kilner <[EMAIL PROTECTED]> wrote:
Hi Michael,

michael nt milne wrote:
> Yes I found that as well but picked it up from the Google cache.
> Strange that it is available there as it's password protected.
> Possibly it was public before?
>

Yes, it was public before.

Have you tried this, and does it solve your problems?

JCC is spot on when he points to workflow as being the basis of security
in Plone - it's also worth saying that the Zope system and the Plone
system are pretty much at odds with one another. You are more likely to
make mistakes at the Zope level than to do what you intend.

(If you try the "howto", don't overlook that last step - hitting the
"update security settings" button. Managed to overlook this myself
recently (despite it being the umpteenth time I've followed this howto),
and spent hours thinking that something more exotic was going on!)

Let us know how you get on...


--

Regards,

PhilK

Email: [EMAIL PROTECTED]
PGP Public key: http://www.xfr.co.uk
Voicemail & Facsimile: 07092 070518

"You'll find that one part's sweet and one part's tart:
say where the sweetness and the sourness start."
- Tony Harrison



--
Michael
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to