On Mon, Aug 23, 1999 at 11:53:59AM +0200, Arnaud Lecat wrote:
I'd like to talk about security and Zope. How secure is Zope ? If you have two interface on one server can you configure Zope to display manage screens and public Web pages on two different nic interface.
The management interface is served from the same process as the main pages, so you can't bind it to a different interface. But you could restrict the access of the privileged users to the subnet of the second interface.
Any known security bugs or exploits ? My sysadmin is paranoid about security...
There are no exploits AFAIK. And it would be *very* hard (if not impossible) to create one, because: 1. Zope is written in Python, so buffer overflows are impossible 2. You are running Zope as an unprivileged user, aren't you ?
(he's the same who doesn't want to hear about Linux :) )
I'm-using-Linux-and-I'm-happy-about-that'ly yours, -Petru