[Zope-dev] How (in)secure is Zope?
Lennart Regebro
lennart@regebro.nu
Thu, 13 Mar 2003 10:25:16 +0100
My answer to this is:
1. Protecting yourself from your users:
Zope's fine-grained access control means that you can set up access
restrictions that do exactly what you want and let users do what they
need, and prevent them from doing what they should not.
Obviously you can also make everybody do everything, so how secure a
software is in this sense is not a measure of how secure your
installation is, but of how secure it CAN be.
In this sense Zope is VERY secure.
2. Protecting yourself from packet snooping:
Zope doesn't have any encryption built in; SSL needs external software
to implement, for example.
In this sense Zope can be MADE secure with some work, but is not secure
at all out of the box.
3. Protecting yourself against forceful entry:
To my knowledge, nobody has cracked open a reasonably correctly
configured Zope server yet. If this is because nobody has tried or
nobody has succeeded, I wouldn't know. Security by obscurity does not
help against the determined hacker, but it helps against script kids,
and they are a more common problem.
Zope is probably secure in this sense.
4. Protecting yourself against data loss:
The ZODB is very resilient against crashes and data loss. Making a
simple backup each day is plenty.
Zope is VERY secure in this sense.
5. Protecting yourself against denial of service:
Zope does not seem to crash if you send random data to it, and I have in
logs seen attempts to overflow buffers and the like that obviously are
attempts to crash or break into other (MS) servers, without this
affecting Zope at all. If you don't trust Zope in this, you can put
Apache in front of it.
In this sense Zope is again VERY secure.
So all in all, Zope is a pretty good choice from this standpoint. I
wouldn't use it without external SSL stuff if I were a bank, but
otherwise I'm perfectly confident in the stability and security of Zope.