I almost have my company convinced that Zope is the technology to use for our Intranet/Extranet. However they are very concerned with security. I have proposed two security schemes that I would like zope community feed back on for potential holes. Option A: Poke a hole through our firewall on the primary http port or on port 8080 to allow Zope pages through and then require authentication on the first page. Option B: Set up a DMZ off the firewall to allow the same as the above. Any feed back would be welcome. - Bryan Patrick Coleman Questcon Technologies (336)273-2428 ext-416 bcoleman@questcon.com
Another option might be to proxy the Zope server through Apache on port 80. ----- Original Message ----- From: "Coleman, Bryan" <bcoleman@questcon.com> To: <zope@zope.org> Sent: Tuesday, September 12, 2000 12:43 PM Subject: [Zope] Important Security Concerns
I almost have my company convinced that Zope is the technology to use for our Intranet/Extranet. However they are very concerned with security. I have proposed two security schemes that I would like zope community feed back on for potential holes.
Option A: Poke a hole through our firewall on the primary http port or on port 8080 to allow Zope pages through and then require authentication on the first page.
Option B: Set up a DMZ off the firewall to allow the same as the above.
Any feed back would be welcome.
- Bryan Patrick Coleman Questcon Technologies (336)273-2428 ext-416 bcoleman@questcon.com
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Since I do this type of thing for a living, I can tell you the best answer is Option B. If your company is that security paranoid, a DMZ is always a better idea than poking holes in end-to-end connections in the firewall. On 12-Sep-2000 Coleman, Bryan wrote:
I almost have my company convinced that Zope is the technology to use for our Intranet/Extranet. However they are very concerned with security. I have proposed two security schemes that I would like zope community feed back on for potential holes.
Option A: Poke a hole through our firewall on the primary http port or on port 8080 to allow Zope pages through and then require authentication on the first page.
Option B: Set up a DMZ off the firewall to allow the same as the above.
Any feed back would be welcome.
-- M. Adam Kendall | Got Linux? Internetworking & | We do. Security Architect | akendall@devis.com | http://www.devis.com
participants (3)
-
Coleman, Bryan -
M. Adam Kendall -
Phil Harris