By default, plone has some insecure defaults build-in. It is no real problem, as there are trade-offs for the safer alternatives. But you can make your site more secure with a few measures that are not too hard. In this first installment, I'm just going to worry you with two problems up front, I'll post later about the solution.
In default plone, passwords go over the wire in plain text. When you
submit the login form, you send over two parameters:
When someone is able to sniff the network traffic, this is one potential attack point. This could be remedied by encrypting the form data with https. Plone - or rather, zope - doesn't speak https, but that's not really the problem as you should put apache or squid in front of plone anyway.
After authentication, plone sets a cookie that gets passed on every subsequent request. Using firefox' LiveHttpHeaders extension is very instructive in this case:
GET /plone/folder_icon.gif HTTP/1.1 Host: localhost:3030 Accept: image/png,*/*;q=0.5 Cookie: __ac="dGVzdHVzZXI6cmV1dGVsCg%3D%3D"
To scare you even more: that cookie value looks pretty safe, but it
is a base64 encoded string.
%3d is urlencoded for
=, so replace
that and run the string through a base64 decoder:
$> echo dGVzdHVzZXI6cmV1dGVsCg== | base64 -d testuser:reutel
So that innocent-looking cookie contains our username
reutel in basically plain text :-)
For potential solutions, see Plone secure login, the secure part
My name is Reinout van Rees and I work a lot with Python (programming language) and Django (website framework). I live in The Netherlands and I'm happily married to Annie van Rees-Kooiman.
Most of my website content is in my weblog. You can keep up to date by subscribing to the automatic feeds (for instance with Google reader):