Hi Bartek, I think what you are saying is that the password used to modify a zwicky page could be read while it's passing through the net, and so other people could then use the password.
Here's my response if I've understood you correctly:
(1) the authorisation is handled by the server zope - we have "encrypt user passwords" enabled, so i think the passwords are... encrypted - if zope works as it says it does.
(2) Even if someone *did* get the password, s/he would only be able to change the same pages that everyone else can change, inside of the zwicky folder. This is why later on we can consider having some pages modifiable by *everyone*.
(3) The zope/zwicky login is *not* your adjani login. Your adjani password will certainly fail on zwicky. Tomek or I need to make you a login + allow access from your internet service provider (at the moment we're being ultra-paranoid and only local machines are authorised).
On Wed, 6 Nov 2002, Bartosz Lew wrote:
hi all if it comesabout those wiki pages thtcan be modifien online I don;t think it's very secure since an authorisation goes over an external net (I watche the pages from my hause - and didn't log on deliberately) unencrypted. If one enters adjani hes free to explore further. maeybe that should be a seure page.