Hi,

I'd like to talk about security and Zope. How secure is Zope? If you have two interfaces on one server, can you configure Zope to display manage screens and public Web pages on two different NIC interfaces?

Any known security bugs or exploits? My sysadmin is paranoid about security... (he's the same one who doesn't want to hear about Linux :) )

--
>> WinErr: 080 Keyboard not found - Please press any key to continue. <<
Arnaud LECAT >> Email: lecat@hexanet.fr >> WWW page: www.hexanet.fr/~lecat
HEXANET >> http://www.hexanet.fr
Z.A. Farman sud - 9 rue Roland Coffignot
BP 415 - 51689 Reims Cedex 2 - France
phone: (33) 03 26 79 30 05 Fax: (33) 03 26 79 30 06

On Mon, Aug 23, 1999 at 11:53:59AM +0200, Arnaud Lecat wrote:
> I'd like to talk about security and Zope. How secure is Zope? If you have two interfaces on one server, can you configure Zope to display manage screens and public Web pages on two different NIC interfaces?

The management interface is served from the same process as the main pages, so you can't bind it to a different interface. But you could restrict the access of the privileged users to the subnet of the second interface.

> Any known security bugs or exploits? My sysadmin is paranoid about security...

There are no exploits AFAIK. And it would be *very* hard (if not impossible) to create one, because:

1. Zope is written in Python, so buffer overflows are impossible
2. You are running Zope as an unprivileged user, aren't you?

> (he's the same one who doesn't want to hear about Linux :) )

I'm-using-Linux-and-I'm-happy-about-that'ly yours,
-Petru

Dear Zopistas,

How should "Zope" be pronounced? Does the word mean something special, is it an American English slang term?

/ Svante Kleist, curious

participants (3)
- Arnaud Lecat
- Petru Paler
- Svante Kleist