[Zope-dev] RE: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?

Ken Manheimer klm@digicool.com
Tue, 9 Jan 2001 16:49:06 -0500 (EST)


[This thread should not be crossposted to both mailling lists.  I'm
following up to zope-dev, and will post a note to zope saying i did so.  
In general, please do *not* cross-post - it's almost never justified,
certainly isn't in this case.]

On Tue, 9 Jan 2001, Mohan Baro wrote:

> My view is that as a sysadmin, I rather give ZOPE superuser/manager the
> ability install products through ZOPE, rather than giving them access to the
> OS.

The point is that giving web-access visitors the ability to install
products inherently gives them total OS/filesystem access, with the
authority of the account that is running zope.  As things stand, you can
give out web access *without* this OS/FS exposure - you're talking about
eliminating the discretion.

> Another view I have is that I do not want my developers to think about which
> platform they are working on.

This convenience will be at the cost of risk.  If you're willing to take
the risk, products that give filesystem and command access will give that
to you.  (Is local filesystem access what LocalFS does?)  Zope shouldn't
_force_ you to be exposed to that risk, just because some people want the
convenience.

> ZOPE runs on a variety of OSes and each one of then have their own way of
> providing file/directory security (or no security win9x). Zope should rely
> on its own security for its products.

... overriding the discretion of the system administrators?  Not
proper.  System administrators should have the choice - if they don't,
they'll refuse to run zope in droves - and well they ought to refuse.

Ken Manheimer
klm@digicool.com