[Pdweb] please put the dev docs back

Frank Barknecht fbar at footils.org
Thu Sep 28 08:56:41 CEST 2006


Hallo,
IOhannes m zmoelnig hat gesagt: // IOhannes m zmoelnig wrote:

> Mathieu Bouchard wrote:
> >Why not use challenge-response authentication over plain http? That's 
> >secure enough, yes?
> so how?

I think, Matju refers to basic or digest http authentificaton, which
is a step backwards from using SSL, so as we already have SSL working, 
I would not recommend it. But redirecting users to plain http-pages
after they have logged in over SSL is a pretty common design
pattern in Web applications. I found this page which addresses this
and various other login stuff:

http://plone.org/documentation/how-to/secure-login-without-plain-text-passwords

Search for "came_from".

Ciao
-- 
 Frank Barknecht                 _ ______footils.org_ __goto10.org__



More information about the pdweb mailing list