Hi Just a quick query about Zope security etc. I've got an installation on a Windows server using Apache, which also hosts internal email/data etc. This is behind a router/firewall. Just wondering if there are any Zope security issues that I should be aware of? How secure is Zope? Thanks Michael PS This is a re-send as it bounced the first time round.
michael nt milne wrote:
> Hi
> Just a quick query about Zope security etc. I've got an installation on a Windows server using Apache, which also hosts internal email/data etc. This is behind a router/firewall. Just wondering if there are any Zope security issues that I should be aware of? How secure is Zope?
> Thanks
> Michael
> PS This is a re-send as it bounced the first time round.
I would rate Zope overall as a reasonably secure platform. Because the bulk of it, including all the socket handling code, is written in Python, it does not suffer from buffer overflow problems. If you look at the list of security alerts ("hotfixes", see ) you will note that the *vast* majority of them have been relevant only for sites which allow less-than-fully-trusted users to write through-the-web code, a use case which most sites do not have.

Zope's own security model is used to protect data within the ZODB from improper access by site visitors. It is possible to configure the model for *very* fine-grained access control; OTOH, safely using such power requires mastering a good deal of complexity. Other frameworks built atop Zope (CMF, Plone, Silva, CPS) present reduced views of that flexibility, tailored to well-understood patterns.

For machines which handle both Zope and other sensitive data:

- Zope is a long-running process: the user-as-whom-Zope-runs (UAWZR) should ideally be a dedicated account, with read access to the Zope instance directory ("INSTANCE_HOME"), the Zope software directories, and necessary system libraries, and write access only to the directories where it writes its data and logfiles ('$INSTANCE_HOME/var').

- Zope's own security model trusts the filesystem code implicitly, which means that you *don't* want to give arbitrary access to the software directory or the instance home. You should probably block even read access to the 'var' subdirectory, as the database files there might expose sensitive data to prying eyes.

Note that none of this advice is Windows-specific. One bit which is:

- When running a ZEO storage server, you need to protect the socket on which it listens from unauthorized access. On a Unix box, you can make it a Unix-domain socket, which can be protected with appropriate filesystem permissions. If using a TCP socket (required on Windows), you need to configure it to listen only on "trusted" interfaces, e.g., localhost, or an IP address which is in a carefully firewalled subnet.

Tres.

- --
===================================================================
Tres Seaver +1 202-558-7113 tseaver@palladion.com
Palladion Software "Excellence by Design" http://palladion.com
I wrote:
> I would rate Zope overall as a reasonably secure platform. Because the bulk of it, including all the socket handling code, is written in
> If you look at the list of security alerts ("hotfixes", see
> you will note that the *vast* majority of them have been relevant only for sites which allow less-than-fully-trusted users to write through-the-web code, a use case which most sites do not have.
and forgot to paste in the URL: http://www.zope.org/Products/Zope/

Sorry about that.

Tres.