On Thursday 22 November 2001 00:56, Toby Dickenson wrote:
Zope's http implementation is *not* *robust* enough to be exposed to the raw internet. It has a number of serious, and fairly obvious denial-of-service vulnerabilities.
Toby, are these vulnerabilities in the collector? If not, and you've got the time, could you put them in there?
Some of them were in the old collector.
I don't think it would be humanly possible to list them all. It's more than a few bugs which individually may be fixable... Zope's http layer simply wasn't designed with this kind of robustness in mind, and it's only a small exaggeration to say that *everything* is wrong.
Also, I'm not sure it's worth the effort. This isn't the only compelling reason for using a front-end proxy. Using a proxy makes this problem a non-issue, so why bother fixing it?
... because it requires the installation of Yet Another Piece Of Software, which can fail or otherwise go sideways in its own peculiar ways.

Richard