Odesнlatel: Anton Zubenko <zanton@axystem.com> Our company is developing an application, supposed to be run under dedicated zope server, placed offline in our customers corporate environment and requested via LAN.

What would be the right way to protect this mechanism from hacking, provied that zope is an open-source platform, so any code is hypothetically accessable by the customer and apllication is run completely offline with no intercation with our information system?

The required level of protection is not really high, but we need to be safe from attempts to hack the application by modest programmers at least.

1. use dedicated server with crypted FS (eg., Linux), does not share ANY passwords. 2. does not allow to users gone above specified hierarchy of folders. 3. disable for all other access than "view" all DTML Methods and code-critical DTML documents. etc... Regards JL.