Stuart 'Zen' Bishop wrote:
On Wed, 10 Nov 1999, Otto Hammersmith wrote:
So, my question is, does there exist a laundry list of common Zope misconfigurations? Does there need to be one (Zope.org tips)? The solution is rather obvious (settings on the security tab for the folder) but how do new users know to catch that kind of thing?
Sounds like a perfect fit for a tip to me.
Wrote one, it's at http://www.zope.org/Members/otto/zsqlmethods.
I was considering documenting a 'secure' Zope site how-to when I get to that stage of my development (which involves me learning more) - at the moment I'm the only user on my server, but security is always in my design criteria as I'm solely concerned with developing a secured Intranet (eek! I used a marketing term!). If someone has already created such a checklist and is allowed to share it, I would be interested in seeing it and it will probably end up in a how-to.
Under the assumption that someone hasn't, I suggest anyone with security tips do as this tip suggests, http://www.zope.org/Members/otto/firstsecurity. That has a query link that should generate a list of all the security tips on Zope.org... as soon as my first two get cataloged. :) I also just added a News item.
Hmm.... I see the need for a 'SecurityReport' Product - a document that scans the permissions on the current folder down and displays a tree detailing who has what rights.
Hm, Z Satan. :) That would be neat, though...
-Otto.