Hi all How can anonymous ftp be disabled on Zope ? ftp on port 8021 (medusa) does not need any login/password !!!! It just lets anybody in. This will be noticed by any automatic security checking tool (I used nessus). However, it does not allow any listing/getting/putting of files. TIA Chetan
That is a feature not a bug. Zope checks the security for every operation. Zope does not have a central user database like a Unix system so it checks the access to objects for every operation. No reason to worry about. Check the mailing list archives for a detailed explanation. -aj ----- Original Message ----- From: "Chetan Kumar" <chetan@cdac.ernet.in> To: <zope@zope.org> Sent: Friday, April 19, 2002 06:31 Subject: [Zope] Anonymous ftp
Hi all How can anonymous ftp be disabled on Zope ? ftp on port 8021 (medusa) does not need any login/password !!!! It just lets anybody in. This will be noticed by any automatic security checking tool (I used nessus). However, it does not allow any listing/getting/putting of files. TIA Chetan
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
participants (2)
-
Andreas Jung -
Chetan Kumar