Joseph Thomas (s) wrote:
> I think I get what you're suggesting, but let me clarify.
>
> I actually wanted the sensitive portions of the URL to be
> encrypted..because it will be a link on a page that says "login to
> zope"..but I wouldn't want the user or a snooper to be able to view
> the page source and figure out the URL pattern and the
> username/password.
>
> SSL will ensure that the transport between the browser and the zope
> server will be encrypted using PKI, but I really want to obfuscate
> the user name and password parameters in the login URL. So that
> if someone were to view the source they'd see garbled
> username/password parameters.
>
> I suppose I could use the PKI to encrypt the username/password with
> my zope server's public key (but is there an API to do this on a J2EE
> container) and then have my zope server decrypt using its private key
> (but how would zope know that the username/password parameters are to
> be treated as encrypted data)?

On the Zope side, write a PAS plugin which knows how to extract the
URL-based credentials, decrypting them as appropriate. You could
prototype this as a ScriptablePlugin containing an ExternalMethod named
'extractCredentials' (might even be good enough for production,
depending).


Tres.
-- 
===================================================================
Tres Seaver          +1 540-429-0999          tsea...@palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )
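
A sketch of the External Method the reply describes, added here as an example and not part of the original thread or of PAS itself: `extractCredentials` pulls an opaque parameter from the request, authenticates and decrypts it, and hands PAS a login/password mapping, returning an empty mapping for tampered or stale links. Assumptions: the parameter name `cred`, the shared `KEY`, the `MAX_AGE` policy, the helper names `seal` and `open_token`, the `(self, request)` signature, and a shared-key HMAC construction standing in for a vetted cipher (or the public-key scheme the question mentions) so the block runs on the standard library alone.

```python
import base64, hashlib, hmac, json, os, time

# Constructed demo secret; a deployment would share a random 32-byte key
# between the linking application and Zope through configuration.
KEY = hashlib.sha256(b"constructed-demo-secret").digest()
MAX_AGE = 60  # seconds a login link stays valid (assumed policy)

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a vetted cipher,
    # used only so this example runs without third-party packages.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += _mac(key, nonce + counter.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(login, password, key=KEY, now=None):
    """Linking application side: build the opaque URL parameter."""
    body = json.dumps({"l": login, "p": password,
                       "t": int(now or time.time())}).encode()
    nonce = os.urandom(16)
    ct = _xor_stream(_mac(key, b"enc"), nonce, body)
    tag = _mac(_mac(key, b"mac"), nonce + ct)  # encrypt-then-MAC
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()

def open_token(token, key=KEY, now=None):
    """Zope side: return the decrypted dict, or None if invalid or stale."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except (ValueError, TypeError):
        return None
    if len(raw) < 48:
        return None
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce + ct)):
        return None  # tampered, or sealed under a different key
    data = json.loads(_xor_stream(_mac(key, b"enc"), nonce, ct))
    if abs(int(now or time.time()) - data["t"]) > MAX_AGE:
        return None  # outside the validity window, which bounds link reuse
    return data

def extractCredentials(self, request):
    """External Method for the ScriptablePlugin; {} means no credentials."""
    data = open_token(request.form.get("cred", ""))
    if data is None:
        return {}
    return {"login": data["l"], "password": data["p"]}
```

The timestamp check matters because the sealed parameter is itself a usable credential while valid, and URLs end up in browser history and server logs.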