It's true that you can't control the permissions of the port. If this is a requirement, you'll need to dig out the old PCGI package and get it working yourself (it's supported on the client via the <persistent-cgi> directive, there's just no way to set up the PCGI socket itself during installation), or use FastCGI.

- C

----- Original Message -----
From: "Jens Vagelpohl" <jens@zope.com>
To: "Tiller, Michael (M.M.)" <mtiller@ford.com>
Cc: <zope@zope.org>
Sent: Thursday, August 28, 2003 10:03 AM
Subject: Re: [Zope] Can't build resource file for PCGI on Zope 2.7b1
Very simple if the frontend webserver sits on the same machine: Have Zope listen on a port on localhost only. Then your frontend server simply redirects/rewrites/whatever to that port on localhost. Thus Zope won't be reachable on any external interface.
Ah...good point. Thanks for reminding me. That is a step in the right direction.
BUT, it still seems to me that it isn't as good as a named pipe (although I'd be glad to be proven wrong) because with a named pipe *you can control the permissions of the pipe* whereas anyone can connect to the localhost port if they have an account on the machine.
Am I missing something again? :-)
I have never seen any situation in which I needed to exert control over the connection between the frontend web server and Zope beyond "securing" access so no one from the outside can talk to it. I don't quite get what the problem is.
jens
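The difference the thread turns on, as an added example that is not part of the original messages and is not Zope or PCGI code: a listener bound to 127.0.0.1 has no permission bits to set, while a filesystem (Unix domain) socket carries a mode that decides which local accounts may connect. It assumes Linux semantics, where connect() requires write permission on the socket file; the function names and the path `zope.sock` are hypothetical.

```python
import os
import socket
import stat
import tempfile

def bind_loopback_tcp(port=0):
    """Listen on 127.0.0.1 only: unreachable from other hosts, but any
    local account can connect, and there is no mode to restrict that."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", port))
    srv.listen(5)
    return srv

def bind_private_unix_socket(path, mode=0o660):
    """Create a filesystem socket whose permission bits gate connect()."""
    if os.path.exists(path):
        os.unlink(path)                       # remove a stale socket file
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    # Set the umask before bind() so the file never exists with looser
    # bits. The umask is process-wide, so do this before starting threads.
    old_umask = os.umask(0o777 & ~mode)
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(5)
    return srv

def who_may_connect(path):
    """Return the permission classes that hold the write bit on the socket."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError("%s is not a socket" % path)
    bits = (("owner", stat.S_IWUSR), ("group", stat.S_IWGRP),
            ("other", stat.S_IWOTH))
    return [name for name, bit in bits if st.st_mode & bit]

def demo():
    # Constructed scenario. mkdtemp gives a 0700 scratch directory for the
    # demo; a deployment would use one searchable by the frontend's group.
    workdir = tempfile.mkdtemp(prefix="zope-sock-")
    path = os.path.join(workdir, "zope.sock")      # hypothetical name
    unix_srv = bind_private_unix_socket(path, mode=0o660)
    tcp_srv = bind_loopback_tcp()
    result = (who_may_connect(path), tcp_srv.getsockname()[0])
    unix_srv.close()
    tcp_srv.close()
    os.unlink(path)
    os.rmdir(workdir)
    return result

if __name__ == "__main__":
    print(demo())
```

Some systems ignore the mode of the socket file itself, so the permissions of the containing directory are the portable control.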