27 Jul
2004
27 Jul
'04
5:22 p.m.
Chris McDonough wrote:
I hate it when people "nanny" me about doing things that are possible but outside of the scope of normal usage, so I hesitate to warn you about this. But I still feel compelled to warn you that running Zope as root is not advisable; while there have been no known remote exploits of Zope that allow an intruder any form of filesystem access, obviously it's possible, so running as root is potentially quite dangerous.
Well, i agree with you. But, still, using suid python scripts for half of my app is a problem... believe me, it will be much easier for someone to find a security flaw in my app than is Zope... :)