Dieter Maurer wrote: 
Nikko Wolf wrote at 2005-6-7 14:25 -0600:

- I do not want ANY access by unauthorized users. Obviously they
  must be able to reach a login page, and get instructions on how
  to request an account, password reset, etc.


Put all content in a subfolder of your site and
remove "View" and "Access contents information" from
"Anonymous".
See previous post.  Is there a current, good tutorial for securing Plone from unauthorized use (SSL notwithstanding)?

 
- Here's the complication -- each file will have potentially
  multiple versions in process at once.  Each version of a file
  may have a different state, and I'd like to have a history of
  all changes to each version as they go through the workflow.


Indeed, a bit more complex.

I would model a "file" as a folder like structure containing
the various versions and give it the "right" behaviour.
Currently, I've implemented scripts to do part of this -- although I would not say I've "modeled" anything as much as simply "implemented" scripts & ZPT to allow access in the manner needed.

The issue is that there is no separation of workflow and content view/actions, and there should be, since the workflow may change and I'd like to use the workflow interface to handle those changes (if possible).

- Once a file/version is submitted for review, any of the reviewers
  may work on it, it is not necessary that one role preceded the other,
  but it is required that a user in each role approve the file.


What does that mean?

   Do you have "technical reviewer", "style revierwer", "aestetic reviewer",
   ... and require that at least one from each role approves?
Something like that: someone from each role must approve the version before it can be submitted for final editor approval (not exactly footnotes to a bibliography added by different roles / experts in a field, but that's similar).  Hence, they will actually make minor changes/additions before they approve.
 

- We need to have good automated backup solution for the content
  (as in mirroring the content on another host).


There is a commercial Zope.com solution.

We use mirrored disks and a high availablity cluster.
Ah, the drawback of an opaque (and custom) data store.  

Instead I've got a cron script that will shutdown zope and backup the entire directory tree.  Soon I'll add a second script to pull these files back from the DMZ for archival/storage.

However my question is this -- is it necessary for me to shutdown zope to snapshot the directory?  Given the times of access, I'm *almost* guaranteed that it's been idle for 1+ hours when I do this (famous last words, though those may be).

Knowing that zope is event-driven (and no sleeper thread):
  -- is there any consistency issues of backing up (Data.fs)
     without stopping?
  -- is there another feature of "zopectl" that would tell
     it to "sync" the DB to the file system? "help" gives:
       EOF     fg         kill      quit    run   start  test
       adduser foreground logreopen reload  shell status wait
       debug   help       logtail   restart show  stop

After some testing, I'll probably share the script & crontab entries.

4) How does one secure a Zope+Plone site?

One uses HTTPS and standard authentication.

One tells the users that good passwords are essential.

One does not store clear text password.
The content isn't important enough that I worry about anything that even simple passwords and SSL can't prevent.

I've looked but found no Zope SSL capabilities, so does this requires placing Zope behind Apache, right? 
Ref: http://www.zope.org/Members/simonb/howtos/Set%20Up%20SSL

Thanks in advance,
Nikko