I won't be using this with SSL obviously. Good to use it to secure login areas where the other content doesn't require SSL.
On 2/15/06, michael nt milne <[EMAIL PROTECTED]> wrote:
I've installed DigestAuth. Just wondering if there are any set-up instructions at all?
Michael--On 1/26/06, Dieter Maurer <[EMAIL PROTECTED]> wrote:michael nt milne wrote at 2006-1-25 18:55 +0000:
>Yeah I know the security aspects are good once you are in, however
>when you login it's possible for someone to grab your logon name and
>pass as it goes over the internet, as there's no encryption at all.
>Then obviously login themselves and compromise your sites.
You might be interested in my "DigestAuth" product.
It provides HTTP DigestAuthentication for Zope.
Of course, HTTP authentication gives you less freedom than
other forms of authentication (as the browser does the login).
These other forms can be made safer by the use of "https".
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )