There do appear to be a large number of hotfixes, but you could examine what they are actually for, since most are extremely obscure and don't actually present much of a risk. I rarely bother with most hotfixes, just move up to the next Zope as it comes out. Zope is very secure; the only obvious problem is, as you say, passwords are not encrypted.

--
Andy McKay

----- Original Message -----
From: "Alastair Burt" <burt@dfki.de>
To: <zope@zope.org>
Sent: Tuesday, May 15, 2001 7:15 AM
Subject: [Zope] Zope Security

I am getting aggravation from our sysadmin, who is reluctant to poke holes in our new firewall for my Zope ports. He claims he knows of no software in the last few years that has so many security holes. Is there anything to justify this claim? I know there are an alarmingly large number of Zope hotfixes on the security mailing lists and that login passwords get sent in the clear, when not using ssl. On the other hand, I know of no attempt to hack a Zope site.
--- Alastair
_______________________________________________
Zope maillist - Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )