Skip to main content
Join the official 2019 Python Developers SurveyStart the survey!

Passwordwall plugin

Project description

# Passwordwall

This puts your Plone site behind a login, without actually logging in a Plone user.

## Use case

This is intended for use on public websites, so “Published” in Plone workflow terminology, where you want to restrict access because the site isn’t meant to be open to the public yet.

It enables people to view the site as as an anonymous user (in the Plone sense), so without having to log in into Plone.

It is not intended for intranets, and other sites where login is required anyway. In that case, this product is either not necessary, or you’re better off using iw.rejectanonymous.

### Plain text

The site password is stored internally as plain text. Do not use your personal super secure password here, because we intended it to be used by several people.

The password should be easy to look up and communicate, which is why we store it in plain text.

If you have a different use case for this product where you want a different behaviour: We do welcome pull requests!

## Alternatives

You might also achieve this with: - web server Basic Auth - IP restriction

But if your hosting setup is such that that isn’t an option, this package might help.

## How to use

Go to the Plone control panel, to the “Security” tab.

You will see a checkbox “Site behind password”. Check it to activate the passwordwall. This means users will need to supply credentials before they can use the site.

Users that are already logged in as Plone users are not asked for credentials.

The password can be set by the “Password” field. This is what people have to type in the “password” box in the dialog to get access.

### Picking a password

It’s recommended to not use dictionary words as is, nor should you use other well known phrases as passwords. This is because their MD5 hashes (which we store as the cookie value) would easily reveal the password. Just mixing in a couple of numbers or other characters should make for a fine password. Try it on https://isc.sans.edu/tools/reversehash.html if you’re not sure.

### Changing the password

When you change the password, existing cookies will be invalid, because the password hash changed. People without Plone accounts (or who are logged out from Plone) will be forced to re-enter the credentials.

## Thank you

  • Ingeniweb for iw.rejectanonymous, some of whose code this product copied. All spelling mistakes are also their fault.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for collective.passwordwall, version 0.1a1
Filename, size File type Python version Upload date Hashes
Filename, size collective.passwordwall-0.1a1.tar.gz (6.0 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page