[Zope-dev] How (in)secure is Zope?

Lennart Regebro lennart@regebro.nu
Thu, 13 Mar 2003 10:25:16 +0100

My answer to this is:

1. Protecting yourself from your users:
Zope's fine-grained access control means that you can set up access 
restrictions that do exactly what you want and let users do what they 
need, and prevent them from doing what they should not.
Obviously you can also make everybody do everything, so how secure a 
piece of software is in this sense is not a measure of how secure your 
installation is, but of how secure it CAN be.

In this sense Zope is VERY secure.

2. Protecting yourself from packet snooping:
Zope doesn't have any encryption built in; SSL needs external software 
to implement, for example.

In this sense Zope can be MADE secure with some work, but is not secure 
at all out of the box.

3. Protecting yourself against forceful entry:
To my knowledge, nobody has cracked open a reasonably correctly 
configured Zope server yet. If this is because nobody has tried or 
nobody has succeeded, I wouldn't know. Security by obscurity does not 
help against the determined hacker, but it helps against script kids, 
and they are a more common problem.

Zope is probably secure in this sense.

4. Protecting yourself against data loss:
The ZODB is very resilient against crashes and data loss. Making a 
simple backup each day is plenty.

Zope is VERY secure in this sense.

5. Protecting yourself against denial of service:
Zope does not seem to crash if you send random data to it, and I have 
seen in logs attempts to overflow buffers and the like that obviously are 
attempts to crash or break into other (MS) servers, without this 
affecting Zope at all. If you don't trust Zope in this, you can put 
Apache in front of it.

In this sense Zope is again VERY secure.

So all in all, Zope is a pretty good choice from this standpoint. I 
wouldn't use it without external SSL stuff if I were a bank, but 
otherwise I'm perfectly confident in the stability and security of Zope.