On Thu, Apr 08, 2004 at 12:07:10PM +0200, Andre Meyer wrote:
For a multi-national military project I have suggested using Plone as CMS and collaboration platform. However, I need to convince people that Zope/Plone is secure enough to prevent leaking of sensitive data.
There are a lot of technologies you can use. For example: Use Apache as front-end server, use https and 128-bit encryption, use certificates/pki (with or without tokens), single sign-on, ldap/active directory/radius, use separate zope/plone instances. There are enough technical means to choose from.

Zope3 might get TUV-IT approved, see http://dev.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/Zope3Newsle... (don't know current status)

Take the following quote of Bruce Schneier into consideration:

"If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology"

So focus on the non-technology side of information security: for example 'Code voor informatiebeveiliging' (I assume you're Dutch), British BS 7799 2002 standard on security, ISO17799, etc.

Pieter