[Zope-dev] How (in)secure is Zope?
Toby Dickenson
tdickenson@geminidataloggers.com
Thu, 13 Mar 2003 10:13:31 +0000
On Thursday 13 March 2003 9:25 am, Lennart Regebro wrote:
> 5. Protecting yourself against denial of service:
> Zope does not seem to crash if you send random data to it, and I have in
> logs seen attempts to overflow buffers and the like that obviously are
> attempts to crash or break in to other (MS) servers, without this
> affecting Zope at all.
There is evidence that this is not true.
> If you don't trust Zope in this, you can put
> Apache in front of it.
> In this sense Zope is again VERY secure.
Zope is insecure
Zope+Squid(or Apache or Pound)+OS resource limits+careful choice of products
is secure
(Note that I don't consider this a flaw in Zope.)
--
Toby Dickenson
http://www.geminidataloggers.com/people/tdickenson