On Tue, 9 Oct 2001 11:17:26 -0500, abg@comco-inc.com wrote:
On the "Zope Changes" page for Zope 2.4.0 (http://www.zope.org/Products/Zope/2.4.0/CHANGES.txt), one of the changes mentioned is "Fixed handling of invalid HTTP requests."
One of the main arguments (as I understood them) for running Zope behind Apache/Squid/IIS was that Zope was susceptible to denial of service attacks due to the way it handled HTTP requests. The Apache/Squid/IIS front-end was used to sanitize the HTTP request.
yes
Does the change made with the release of 2.4.0 fix this problem?
not all of them
If so, what other roadblocks are there to running Zope "naked"?
I personally wouldn't expose a "naked" ZServer to an untrusted network without a major rewrite; it simply hasn't been designed for that job.
Toby Dickenson
tdickenson@geminidataloggers.com