On Wed, 10 Nov 1999, Otto Hammersmith wrote:
So, my question is, does there exist a laundry list of common Zope misconfigurations? Does there need to be one (Zope.org tips)? The solution is rather obvious (settings on the security tab for the folder) but how do new users know to catch that kind of thing?
Sounds like a perfect fit for a tip to me. I was considering documenting a 'secure' Zope site how-to when I get to that stage of my development (which involves me learning more) - at the moment I'm the only user on my server, but security is always in my design criteria as I'm solely concerned with developing a secured Intranet (eek! I used a marketing term!). If someone has already created such a checklist and is allowed to share it, I would be interested in seeing it and it will probably end up in a how-to.

Hmm.... I see the need for a 'SecurityReport' Product - a document that scans the permissions on the current folder down and displays a tree detailing who has what rights.

 ___
   // Zen (alias Stuart Bishop)      Work: zen@cs.rmit.edu.au
  // E N Senior Systems Alchemist    Play: zen@shangri-la.dropbear.id.au
 //__ Computer Science, RMIT         WWW: http://www.cs.rmit.edu.au/~zen
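
The 'SecurityReport' idea from the message above, as an added example that is not part of the original post and is not Zope code: it models a folder tree in plain Python, resolves acquired permission settings from the top down, and flags any permission that reaches Anonymous. The `Node` class, the `watch` parameter, the sample tree and the `Staff` role are constructed assumptions; no Zope API is used.

```python
from dataclasses import dataclass, field

# Plain-Python model of a folder tree; constructed for illustration, not Zope's API.
@dataclass
class Node:
    id: str
    local: dict = field(default_factory=dict)     # permission -> roles set on this object
    no_acquire: set = field(default_factory=set)  # permissions with acquisition turned off
    children: list = field(default_factory=list)

def effective(node, inherited):
    """Combine this node's local settings with what it acquires from its parent."""
    out = {}
    for perm in set(inherited) | set(node.local):
        roles = set(node.local.get(perm, ()))
        if perm not in node.no_acquire:
            roles |= inherited.get(perm, set())
        out[perm] = roles
    return out

def report(node, inherited=None, path="", watch=("Anonymous",)):
    """Walk from node down; return (path, permission, roles, flagged) rows."""
    here = f"{path}/{node.id}"
    eff = effective(node, inherited or {})
    rows = [(here, perm, sorted(roles), any(w in roles for w in watch))
            for perm, roles in sorted(eff.items())]
    for child in node.children:
        rows += report(child, eff, here, watch)
    return rows

def sample_tree():
    # Constructed sample: 'intranet' stops acquiring View, but 'drafts' below it
    # grants a change permission to Anonymous by mistake.
    drafts = Node("drafts", {"Change DTML Documents": {"Anonymous"}})
    intranet = Node("intranet", {"View": {"Staff"}}, {"View"}, [drafts])
    return Node("root", {"View": {"Anonymous", "Manager"},
                         "Change DTML Documents": {"Manager"}}, children=[intranet])

if __name__ == "__main__":
    for path, perm, roles, flagged in report(sample_tree()):
        indent = "  " * (path.count("/") - 1)
        mark = "  <-- review" if flagged else ""
        print(f"{indent}{path}: {perm}: {', '.join(roles)}{mark}")
```

Against a live site the same walk would read each object's security-tab settings instead of the `local` and `no_acquire` fields used here.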