Errr... Zope's big but it's not magical :-) It can't subvert standard UNIX security. You can be assured that it will run under whatever UID you tell it to run under (except root). So I'm not sure I understand the guy's concern. I imagine it's just too much trouble for him to dig deeply into. In case you haven't noticed yet, most people don't like to take the time to learn new things. :-)

I would suggest finding a Zope-friendly ISP instead of wrestling with this one.

"darcy w. christ" wrote:
I'm trying to convince my webhosting service that Zope is a good thing. The guy there has some concern. Could anyone help me to convince him, or are his concerns valid? Is anyone using Zope in this kind of multiuser environment?

The main issue is security -- we have to be able to run each user-supplied program with the UID of the user who owns it. If all user-supplied applications run with the same UID (the UID of a server, or of some pseudo-user), that would be a problem which would most probably prevent us from being able to implement this safely in a multi-user environment. We run all CGIs with user UIDs, but Zope's architecture may circumvent that, even when run as a CGI, judging from what I've read so far.
-- ~/darcy w. christ 416.463.8385
_______________________________________________
Zope maillist - Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )
-- Chris McDonough Digital Creations, Inc. Zope - http://www.zope.org