Gary Shears wrote:
Slightly off topic, but related. Does this mean that the everything on local file system is protected natively in zope. Short of things like buffer overflows. What I mean is, can I somehow muck up security in Zope and compromise my local system, or will only zope objects be affected? I'm an absolute newbie to zope, and still trying to get a handle on the architecture.
As long as you don't use products that read and write arbitrary files (such as LocalFS), Zope doesn't provide any way to write to any directory but the "var" subdirectory (or if it does, it shouldn't and will be fixed.) So yes, Zope's architecture does provide decent isolation from the file system. Also keep in mind that Zope does not run as "root", so if you are running on a Unix-like system such as Linux, even if Zope were fully compromised an intruder would still have to find a security hole in something else before it's possible to write to arbitrary files. Shane