On Mon, 29 Apr 2002 16:28:49 -0700 (PDT), Ing Soc <ingsocdoubleungood@yahoo.com> wrote:
INTERNET | (a) | ------------------------------- | Router/Packet Filter Firewall | ------------------------------- | (b) | -------------------------------------- | Front end Apache HTTP server (Linux) | -------------------------------------- | (c) | ------------------------ | Packet Filter Firewall | ------------------------ | (d) | --------------------------------- | Zope Application Server (Linux) | --------------------------------- | (e) | --------------------------------- | Internal Oracle Database Server | ---------------------------------
This scenario transfers unencrypted zope passwords over your internal network. Is this a problem? If yes you might be better with a topology like: internet | packet filter | apache | zope | packet filter | oracle That loses the packet filter between apache and zope, but Im not sure when benefit that was giving you. Suppose Apache is compromised.... what damage could it do to zope that a packet filter would prevent? This all assumes you are not using zeo. If you are, then it is a good idea to put zope and zeo behind a packet filter: internet | packet filter | apache | packet filter -------- zope ---- zeo | oracle This is exactly the topology that I am using now. Toby Dickenson tdickenson@geminidataloggers.com