I know not much about security because I don't have to worry about it, but out of your talk, it seems that your company finds apache secure. Then why don't you just run Zope behind Apache with a FASTCGI, or something else? Sorry if I'm completely missing the point of your problem. Regards, Tom. At 08:31 12/09/2000 -0400, you wrote:
That would cause another whole set of problems, unless apache is inherity more secure than Medusa. I was really wondering what the risks are associated with those two options.
- Bryan Patrick Coleman Questcon Technologies (336)273-2428 ext-416 bcoleman@questcon.com
-----Original Message----- From: Phil Harris [SMTP:phil.harris@zope.co.uk] Sent: Tuesday, September 12, 2000 5:15 AM To: Coleman, Bryan; zope@zope.org Subject: Re: [Zope] Important Security Concerns
Another option might be to proxy the Zope server through Apache on port 80.
----- Original Message ----- From: "Coleman, Bryan" <bcoleman@questcon.com> To: <zope@zope.org> Sent: Tuesday, September 12, 2000 12:43 PM Subject: [Zope] Important Security Concerns
I almost have my company convinced that Zope is the technology to use for our Intranet/Extranet. However they are very concerned with security. I have proposed two security schemes that I would like zope community feed back on for potential holes.
Option A: Poke a hole through our firewall on the primary http port or on port 8080 to allow Zope pages through and then require authentication on the first page.
Option B: Set up a DMZ off the firewall to allow the same as the above.
Any feed back would be welcome.
- Bryan Patrick Coleman Questcon Technologies (336)273-2428 ext-416 bcoleman@questcon.com
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )