michael nt milne wrote:
Yes, I've got the whole site going over SSL and the :8080 port re-directing
to SSL.


Anything not over SSL should be blocked, not redirected, given your earlier paranoia...

However on my main server where I have other sites I was thinking about
implementing SSL for the login areas to make them fully secure. From what
you are saying though you'd basically need to make a whole site go over SSL
and just implementing that on the login areas isn't worth it?

Correct. Also, don't turn SSL into a panacea. Security is hard. Very hard. I'm not sure you understand that yet...

I still have an issue with IE6 over SSL where trying to create new pages or
edit content, produces a server not found and the padlock dissapears.

Look at where the form action points to, I suspect you haven't correctly configured your virtual hosting stuff in Apache and/or Zope.

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to