Chris said:
Consider also that Zope contains a webserver, a database, its own templating language, and its own search engine. Advise your admin to check the number of combined security reports for Apache, MySQL, embperl, and HTdig for the last year, and compare them against the number reported and fixed in Zope. I'd imagine they're comparable.
Hardly comparable! Zope probably has less Security issues than other comparable pieces of software, for instance IIS. A lot less.
- C
----- Original Message ----- From: "Alastair Burt" <burt@dfki.de> To: <zope@zope.org> Sent: Tuesday, May 15, 2001 10:15 AM Subject: [Zope] Zope Security
I am getting aggravation from our sysadmin, who is reluctant to poke
holes
in our new firewall for my Zope ports. He claims he knows of no software in the last few years that has so many security holes. Is there anything to justify this claim? I know there are an alarmingly large number of Zope hotfixes on the security mailing lists and that login passwords get sent in the clear, when not using ssl. On the other hand, I know of no attempt to hack a Zope site.
--- Alastair
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )