Re: [Zope] Zope/Plone logon security strategy etc

2006-02-28 Thread Dieter Maurer
michael nt milne wrote at 2006-2-28 15:51 +: >I'm probably missing something really obvious but am wondering how you >actually implement your product on a live plone site. I've got it installed. >Do you just customise the login form that comes with the product and use >that on the site? I fear

Re: [Zope] Zope/Plone logon security strategy etc

2006-02-15 Thread michael nt milne
PSI won't be using this with SSL obviously. Good to use it to secure login areas where the other content doesn't require SSL.On 2/15/06, michael nt milne <[EMAIL PROTECTED]> wrote: Hi DieterI've installed DigestAuth. Just wondering if there are any set-up instructions at all?ThanksMichaelOn 1/26/0

Re: [Zope] Zope/Plone logon security strategy etc

2006-02-15 Thread michael nt milne
Hi DieterI've installed DigestAuth. Just wondering if there are any set-up instructions at all?ThanksMichaelOn 1/26/06, Dieter Maurer <[EMAIL PROTECTED]> wrote:michael nt milne wrote at 2006-1-25 18:55 +: >Yeah I know the security aspects are good once you are in, however>when you login it's p

Re: [Zope] Zope/Plone logon security strategy etc

2006-01-26 Thread Dieter Maurer
michael nt milne wrote at 2006-1-25 18:55 +: >Yeah I know the security aspects are good once you are in, however >when you login it's possible for someone to grab your logon name and >pass as it goes over the internet, as there's no encryption at all. >Then obviously login themselves and compro

Re: [Zope] Zope/Plone logon security strategy etc

2006-01-25 Thread Jens Vagelpohl
On 25 Jan 2006, at 18:55, michael nt milne wrote: Hi Yeah I know the security aspects are good once you are in, however when you login it's possible for someone to grab your logon name and pass as it goes over the internet, as there's no encryption at all. Then obviously login themselves and c

Re: [Zope] Zope/Plone logon security strategy etc

2006-01-25 Thread michael nt milne
Hi Yeah I know the security aspects are good once you are in, however when you login it's possible for someone to grab your logon name and pass as it goes over the internet, as there's no encryption at all. Then obviously login themselves and compromise your sites. Just slightly concerned about t

Re: [Zope] Zope/Plone logon security strategy etc

2006-01-25 Thread Jens Vagelpohl
On 25 Jan 2006, at 17:17, michael nt milne wrote: Just a quick question about Zope/Plone logins and security etc. When I go to www.domain.com:8080/manage I get a login box which seems to function in exactly the same way as the www.domain.com:8080/login_form page. My question is, what was the r

Re: [Zope] Zope/Plone logon security strategy etc

2006-01-25 Thread Tino Wildenhain
michael nt milne schrieb: > Just a quick question about Zope/Plone logins and security etc. When I > go to www.domain.com:8080/manage I get a login box which seems to > function in exactly the same way as the www.domain.com:8080/login_form > page. > > My question is, what was the rational for impl

[Zope] Zope/Plone logon security strategy etc

2006-01-25 Thread michael nt milne
Just a quick question about Zope/Plone logins and security etc. When I go to www.domain.com:8080/manage I get a login box which seems to function in exactly the same way as the www.domain.com:8080/login_form page. My question is, what was the rational for implementing this logon strategy in Zope a