I assume this comes from FTP logins. You should not be worried. Zope can't determine (in a efficient way) if a user/password is allowed to login. Therefore every login is successful. BUT it checks the permissions when someone tries to access an object. The reason is that you can have lots and lots of user folders inside Zope. and it would too much time to walk through all folder and search for the permissions. It's really not a security problem. Andreas ----- Original Message ----- From: "Chris Gray" <cpgray@library.uwaterloo.ca> To: <zope@zope.org> Sent: Mittwoch, 18. Juli 2001 09:15 Subject: [Zope] ZServer Security Question
I'm getting a number of "Successful login" entries in Zope log files. (I've included a sample of the log entries below.) I'm not sure what this message means, but I'm concerned about unknown users logging in to ZServer.
This instance of Zope is only used for intranet stuff and yet the connections are comming from other domains.
I recently took down an instance of Microsoft IIS that was running on port 80 on this machine (for security reasons) and moved the Zope instance from port 8080 to port 80.
Thanks, Chris
2001-07-16T16:47:58 INFO(0) ZServer Incoming connection from 64.230.186.27:3742 ------ 2001-07-16T16:48:02 INFO(0) ZServer Successful login. ------ 2001-07-17T03:53:02 INFO(0) ZServer Incoming connection from 205.211.56.250:4409
------ 2001-07-17T03:53:03 INFO(0) ZServer Incoming connection from 205.211.56.250:4493
------ 2001-07-17T09:52:40 INFO(0) ZServer Incoming connection from 212.190.2.185:4867 ------ 2001-07-17T09:52:40 INFO(0) ZServer Successful login. ------ 2001-07-18T00:48:33 INFO(0) ZServer Incoming connection from 172.190.169.14:4190
------ 2001-07-18T00:48:34 INFO(0) ZServer Successful login. ------ 2001-07-18T10:06:29 INFO(0) ZServer Incoming connection from 217.4.246.45:1935 ------ 2001-07-18T10:06:29 INFO(0) ZServer Successful login.
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )