michael nt milne wrote:
Chris, back to throwing personal insults eh.


It's not so much an insult as a statement of fact. Retarded means "slower", and given how slow you seem to be to "get" the stuff we're discussing, I think the shoe fits. Not necessarily meant as an insult, but if you want to take it as such, so be it...

refrain from 'gratuitous insults'. That's just going to turn people
away and harm the cause of Zope.

Some people this community could do without. I have no doubt that you'd argue that I am one of those people. I, of course, feel the same about you ;-)

I hope you're making sure the "secure" bit is set on those cookies ;-)

I take it this is a joke.

Okay, so you don't want to bother reading specs eithers. Great. Go read up on the cookie spec, find out what the secure bit of a cookie does...

Plone uses cookie authentication by default.

And Plohn is hideously insecure by default, what's your point?

You can't log in with out that.

Sure you can, chuck ?disable_cookie_auth__=1 on the end of a url that's not anonymously accessible...

There are security risks there but
good user education with a strong password policy, no use of 'save
password' facilities and SSL is a start at least.

Good luck, you're gonna need it...

Considering you can't even quote a response correctly, I somehow doubt
that..

Oh come on.

What? You're mail client put >>> in front of your previous post, which is faulty for the majority of mail clients used by people on this list.
Fix it.

Fine, don't take our advice, but don't expect help either.

What because I don't take all your advice? That's a bit elitist and
also not good for growing the user base of Zope.

You don't take anyone's advice on this list without bitching and whining about it...

And to finish on my problem with IE over SSL, I'll be implementing the
help found here. It's recognised that there are problems and bugs in
IE over SSL:

Your problem will undoubtedly be that access_rule put in by the Plohn installer. Remove it, and I'll bet your problems go away. But hey, what do I know?

MSIE versions. You can work around these problems by forcing Apache
not to use HTTP/1.1, keep-alive connections or send the SSL close
notify messages to MSIE clients. This can be done by using the
following directive in your SSL-aware virtual host section

So, have you actually followed this advice? What difference has it made?

*sigh*

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to