Since I do this type of thing for a living, I can tell you the best answer is Option B. If your company is that security paranoid, a DMZ is always a better idea than poking holes in end-to-end connections in the firewall.

On 12-Sep-2000 Coleman, Bryan wrote:
I almost have my company convinced that Zope is the technology to use for our Intranet/Extranet. However, they are very concerned with security. I have proposed two security schemes that I would like Zope community feedback on for potential holes.
Option A: Poke a hole through our firewall on the primary http port or on port 8080 to allow Zope pages through and then require authentication on the first page.
Option B: Set up a DMZ off the firewall to allow the same as the above.
Any feedback would be welcome.
--
M. Adam Kendall      | Got Linux?
Internetworking &    | We do.
Security Architect   |
akendall@devis.com   | http://www.devis.com