Chris, back to throwing personal insults eh. I'll refrain from going down that line as it's tedious and un-professional. You've obviously not listened to the advice of your fellow peers on that front. Everyone can take on a little advice and I've remarked previously that I was wrong in my initial approach with this post which has now blown out of all proportion and is to be honest a bit of a joke.
Security is hard and I'm getting my head round it. I'm also newish to Zope and Plone and feel I've progressed pretty well in about 6 months considering I do a full-time job too. It is a steep learning curve and the more people that persevere with it the better. Whilst I find the Zope and Plone lists generally fantastic. They're the best user based lists I have experienced. However they're not helped by the attitude displayed by you, Chris and your inability to refrain from 'gratuitous insults'. That's just going to turn people away and harm the cause of Zope. To answer some of your points: >>I hope you're making sure the "secure" bit is set on those cookies ;-) I take it this is a joke. Plone uses cookie authentication by default. You can't log in with out that. There are security risks there but good user education with a strong password policy, no use of 'save password' facilities and SSL is a start at least. >>Considering you can't even quote a response correctly, I somehow doubt that.. Oh come on. >Fine, don't take our advice, but don't expect help either. What because I don't take all your advice? That's a bit elitist and also not good for growing the user base of Zope. >>Sheesh, sorry, but I've come to the conclusion you're just trolling and so won't be wasting my time with any more of your posts... Well you're wrong on that one as well. You're probably just not suited to helping out newer users. I wouldn't suggest customer service as a second career..:-) And to finish on my problem with IE over SSL, I'll be implementing the help found here. It's recognised that there are problems and bugs in IE over SSL: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html "The first reason is that the SSL implementation in some MSIE versions has some subtle bugs related to the HTTP keep-alive facility and the SSL close notify alerts on socket connection close. Additionally the interaction between SSL and HTTP/1.1 features are problematic in some MSIE versions. You can work around these problems by forcing Apache not to use HTTP/1.1, keep-alive connections or send the SSL close notify messages to MSIE clients. This can be done by using the following directive in your SSL-aware virtual host section SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 Further, some MSIE versions have problems with particular ciphers. Unfortunately, it is not possible to implement a MSIE-specific workaround for this, because the ciphers are needed as early as the SSL handshake phase. So a MSIE-specific SetEnvIf won't solve these problems. Instead, you will have to make more drastic adjustments to the global parameters. Before you decide to do this, make sure your clients really have problems. If not, do not make these changes - they will affect all your clients, MSIE or otherwise." On 2/14/06, Chris Withers <[EMAIL PROTECTED]> wrote: > Alexander Limi wrote: > > On Tue, 14 Feb 2006 04:59:07 -0800, Dario Lopez-Kästen > > <[EMAIL PROTECTED]> wrote: > > > >> *HOWEVER*, IIRC, plone, especially on windows (if installed with the > >> windows installer) uses a trick, which is not documented at all, as > >> far as I know, uses a Site Access rule. > > > > http://plone.org/documentation/faq/multiple-sites-installers > > > > What part is not documented at all? :) > > *sigh* > > If it uses an Access Rule, it's likely still a dirty trick that will > confuse retards like Michael, I'd suggest removing it... > > Chris > > -- > Simplistix - Content Management, Zope & Python Consulting > - http://www.simplistix.co.uk > > _______________________________________________ > Zope maillist - Zope@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) > -- Michael _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )