[Zope-dev] Allowing secure 'import' access in zope folder hosting
Ivo van der Wijk
ivo@amaze.nl
Fri, 20 Apr 2001 19:21:48 +0200
Hi all,
I tried to ask this on the standard zope list, but noone seemed to know
anything about it. Perhaps you do?
We provide zope hosting, both folder based (where people have access
to their own folder, mapped to a domain, and no access to the zope
server / source / var / import / lib directories) and pure zope hosting
(i.e. an entire own zope server for this customer)
In the folder case, one of our customers whishes to upload his locally
developped site as .zexp to our zope server and import it there.
Can this be done safely? I.e. withouth compromising the other customers
security?
>From some discussions where had on #zope I understand that expecialy
proxy roles may be a problem which may be fixed by requiring the user
to take ownership.
Would this fix all security issues? Or are there any other unforseen problems?
Would anyone know another solution to achieve the same functionality?
(ftp won't work, as you can't, for example, upload userfolders)
Would it be possible to perform a scan on an xml exports for unwanted
proxy roles and other security issues?
Thanks,
Ivo
--
Drs. I.R. van der Wijk -=-
Brouwersgracht 132 Amaze Internet Services V.O.F.
1013 HA Amsterdam -=-
Tel: +31-20-4688336 Linux/Unix based corporate
Fax: +31-20-4688337 and
Web: http://www.amaze.nl/ Internet Solutions
Email: ivo@amaze.nl -=-