i'm trying to convince my webhosting service that zope is a good thing. The guy there has some concern. Could anyone help me to convince him, or are his concerns valid? Is anyone using zope in this kind of multiuser environment?
The main issue is security -- we have to be able to run each user-supplied program with the UID of the user who owns it. If all user-supplied applications run with the same UID (the UID of a server, or of some pseudo-user), that would be a problem which would most probably prevent us from being able to implement this safely in a multi-user environment. We run all CGIs with user UIDs, but zope's architecture may circumvent that, even when run as a CGI, judging from what I've read so far.
-- ~/darcy w. christ 416.463.8385