https://github.com/fourdigits/collective.passwordwall

Puts a Plone site behind a Basic Auth login, separately from Plone users. Useful for ACC envs.
https://github.com/fourdigits/collective.passwordwall

Last synced: about 1 year ago
JSON representation

Puts a Plone site behind a Basic Auth login, separately from Plone users. Useful for ACC envs.

• Host: GitHub
• URL: https://github.com/fourdigits/collective.passwordwall
• Owner: fourdigits
• Created: 2018-06-21T13:26:00.000Z (almost 8 years ago)
• Default Branch: master
• Last Pushed: 2018-06-25T14:12:42.000Z (almost 8 years ago)
• Last Synced: 2025-03-07T17:50:28.497Z (over 1 year ago)
• Language: Python
• Size: 16.6 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGES.rst

Awesome Lists containing this project

README

          
# Passwordwall

This puts your Plone site behind a login, without actually logging in a Plone user.

## Use case

This is intended for use on public websites, so "Published" in Plone workflow

terminology, where you want to restrict access because the site isn't meant to

be open to the public yet.

It enables people to view the site as as an anonymous user (in the Plone

sense), so without having to log in into Plone.

It is not intended for intranets, and other sites where login is required

anyway. In that case, this product is either not necessary, or you're better

off using iw.rejectanonymous.

### Plain text

The site password is stored internally as plain text. Do not use your personal

super secure password here, because we intended it to be used by several

people.

The password should be easy to look up and communicate, which is why we store

it in plain text.

If you have a different use case for this product where you want a different

behaviour: We *do* welcome pull requests!

## Alternatives

You might also achieve this with:

- web server Basic Auth

- IP restriction

But if your hosting setup is such that that isn't an option,

this package might help.

## How to use

Go to the Plone control panel, to the "Security" tab.

You will see a checkbox "Site behind password". Check it to activate the passwordwall.

This means users will need to supply credentials before they can use the site.

Users that are already logged in as Plone users are not asked for credentials.

The password can be set by the "Password" field.

This is what people have to type in the "password" box in the dialog to get access.

### Picking a password

It's recommended to not use dictionary words as is, nor should you use other

well known phrases as passwords. This is because their MD5 hashes (which we

store as the cookie value) would easily reveal the password. Just mixing in a

couple of numbers or other characters should make for a fine password.

Try it on https://isc.sans.edu/tools/reversehash.html if you're not sure.

### Changing the password

When you change the password, existing cookies will be invalid, because the

password hash changed. People without Plone accounts (or who are logged out

from Plone) will be forced to re-enter the credentials.

## Thank you

- Ingeniweb for iw.rejectanonymous, some of whose code this product copied.

  All spelling mistakes are also their fault.