-----Original Message-----
From: Joseph Thomas (s)
Sent: Wednesday, March 04, 2009 10:50 AM
To: 'li...@zopyx.com'
Subject: RE: [Zope] sending a encrypted login URL

I think I get what you're suggesting, but let me clarify. I actually wanted the sensitive portions of the URL to be encrypted, because it will be a link on a page that says "login to zope", but I wouldn't want the user or a snooper to be able to view the page source and figure out the URL pattern and the username/password.

SSL will ensure that the transport between the browser and the zope server will be encrypted using PKI, but I really want to obfuscate the user name and password parameters in the login URL, so that if someone were to view the source they'd see garbled username/password parameters.

I suppose I could use the PKI to encrypt the username/password with my zope server's public key (but is there an API to do this on a J2EE container) and then have my zope server decrypt using its private key (but how would zope know that the username/password parameters are to be treated as encrypted data)?

-----Original Message-----
From: Andreas Jung [mailto:li...@zopyx.com]
Sent: Wednesday, March 04, 2009 10:38 AM
To: Joseph Thomas (s)
Cc: zope@zope.org
Subject: Re: [Zope] sending a encrypted login URL

Use SSL and you're done.

-aj

On 04.03.2009 17:29, Joseph Thomas (s) wrote:
> We'd like to construct a zope login URL of the form on another server:
>
> http://zope.domain:port/context/logged_in?__ac_name=uzzzzzz&__ac_password=xxxxxxx&submit=Log+in
>
> where the ac_name and ac_password parameters are encrypted using zope
> public key (?) and have the parameters decrypted when zope receives the
> request and log in the user.
>
> Is there an API or some way to encrypt the username and password on the
> 3rd party app server and configure zope so that it treats the
> parameters as encrypted values rather than plaintext?
>
> Joseph Thomas
> College of American Pathologists
> http://www.cap.org
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )

--
ZOPYX Ltd. & Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany
Web: www.zopyx.com - Email: i...@zopyx.com - Phone +49 - 7071 - 793376
Registered court: Amtsgericht Stuttgart, Handelsregister A 381535
Managing director/partner: ZOPYX Limited, Birmingham, UK
E-Publishing, Python, Zope & Plone development, Consulting
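
Added example, not part of the thread and not Zope code: a ciphertext of the password that never changes can be copied from the page source and reused as-is, so this sketch swaps the public-key encryption proposed above for a short-lived, single-use token authenticated with an HMAC, with no password in the link at all. It assumes the linking server and the Zope side share a secret key and that the Zope side runs custom code calling the verifier; the function names and the 60-second lifetime are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
import time

TOKEN_LIFETIME = 60  # seconds a generated link stays valid (constructed value)

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_login_token(username, key, now=None):
    """Linking server: bind username, expiry and a random nonce under an HMAC."""
    expiry = int((time.time() if now is None else now) + TOKEN_LIFETIME)
    payload = f"{username}|{expiry}|{secrets.token_hex(8)}".encode()
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(mac)

def verify_login_token(token, key, seen_nonces, now=None):
    """Receiving server: return the username, or None if the token is rejected."""
    try:
        payload_b64, mac_b64 = token.split(".")
        payload, mac = b64d(payload_b64), b64d(mac_b64)
    except ValueError:  # wrong shape or invalid base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None  # forged or altered after it was issued
    username, expiry, nonce = payload.decode().rsplit("|", 2)
    if (time.time() if now is None else now) > int(expiry):
        return None  # link is older than TOKEN_LIFETIME
    if nonce in seen_nonces:
        return None  # a copied link was presented a second time
    seen_nonces.add(nonce)
    return username

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # shared out of band by both servers (assumption)
    used = set()                   # in production: a store shared by all workers
    token = make_login_token("uzzzzzz", key)
    print("first use :", verify_login_token(token, key, used))
    print("replayed  :", verify_login_token(token, key, used))
```

The payload is only base64-encoded, so the username is hidden from a casual glance but not secret; the link still has to travel over SSL as the reply in the thread says.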