
Login_form security modification

The default Zope/Plone login_form calls the function "logged_in" without forcing a secure connection.

The default login_form for Plone calls the action logged_in as a straight function call, so the login request is not forced onto a secure HTTPS connection. To force a secure connection, do the following:

  • Log in to your Plone instance in manage mode.
  • Use the "find" tab at the top of the screen to search "With Ids: login_form". The results will point to an instance in either the plone_skins/plone_forms or the plone_skins/customer directory of your Plone instance.
  • If there's only one instance of login_form on your Plone site, click on it at the top of the find window, then click on the "customize" button.
  • Edit the custom login_form to change the 'action="logged_in"' line to read 'action="https://yoursiteurl/logged_in"'.
  • Finally, test the new login_form to ensure that it works (I found that I had a problem with my Apache rewrite rules when I first did this on the site).
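
One way to carry out the final test step, as an added example that is not part of the original page: the script below parses login_form markup, resolves each password-bearing form's action against the URL the page was served from, and reports whether the credentials would be posted over HTTPS. The function and class names are hypothetical, and the sample markup (including the `__ac_name` and `__ac_password` field names) is constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormAudit(HTMLParser):
    """Collect every <form> that contains a password field."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.current = None   # form being parsed, or None outside a form
        self.findings = []    # (resolved_action, is_https) per login form

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A relative, empty or missing action inherits the page's scheme.
            action = urljoin(self.page_url, attrs.get("action") or "")
            self.current = {"action": action, "has_password": False}
        elif tag == "input" and self.current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self.current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self.current is not None:
            if self.current["has_password"]:
                action = self.current["action"]
                self.findings.append((action, urlsplit(action).scheme == "https"))
            self.current = None


def audit_login_form(page_url, html):
    """Return [(resolved_action, is_https)] for each password-bearing form."""
    parser = LoginFormAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup: the default form and the customized one.
DEFAULT_FORM = ('<form action="logged_in" method="post">'
                '<input type="text" name="__ac_name">'
                '<input type="password" name="__ac_password"></form>')
CUSTOM_FORM = DEFAULT_FORM.replace('"logged_in"', '"https://yoursiteurl/logged_in"')

if __name__ == "__main__":
    for label, html in (("default", DEFAULT_FORM), ("custom", CUSTOM_FORM)):
        print(label, audit_login_form("http://yoursiteurl/login_form", html))
```

To check a live site, save the rendered login_form page and pass its contents together with the URL it was fetched from. A result of `False` for any form means the password would still travel over plain HTTP.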