[Zope-dev] Zope 2.6 planning - call for contributors!

Andy McKay andy@agmweb.ca
Sun, 3 Mar 2002 17:07:44 -0800


> Ive never really understood the motivation for wanting https support
> direct in Zope.... ZServer isnt robust enough to be exposed to the raw
> internet without risk. Today (and perhaps for the forseeable future,
> because its not clear that Zope want to take on the responsibility of

ZServer may not be as robust as Apache or Squid but many, many people expose
raw to the internet without problem (and compare that to other products from
Redmond). The main motivation is that many people use Zope as a single
solution, by installing Zope they can get everything they need to get a web
site. By having the ZMI only available through HTTPS by default for example
will definitely increase security and make Zope a better all in package. It
obviously won't help the enterprise customer.

Is there actually a huge amount of risk in this? The patches are there and
seem to work ok most of the work seems to have been done already...
--
  Andy McKay