9 Oct
2001
9 Oct
'01
4:17 p.m.
On the "Zope Changes" page for Zope 2.4.0 (http://www.zope.org/Products/Zope/2.4.0/CHANGES.txt), one of the changes mentioned is "Fixed handling of invalid HTTP requests." One of the main arguments (as I understood them) for running Zope behind Apache/Squid/IIS was that Zope was susceptible to denial of service attacks due to the way it handled HTTP requests. The Apache/Squid/IIS front-end was used to sanitize the HTTP request. Does the change made with the release of 2.4.0 fix this problem? If so, what other roadblocks are there to running Zope "naked"? Thanks, Aaron Gillette abg@comco-inc.com