[Zope-dev] How (in)secure is Zope?

Anthony Baxter <anthony@interlink.com.au>
Thu, 13 Mar 2003 23:37:49 +1100


>>> Jamie Heilman wrote
> Without properly configured resource limits, it is trivial to use an
> exposed Zope instance to exhaust host resources. 

If this is a real risk for you, you should be using per-process limits 
to make sure that the host can't be completely destroyed. Sure, zope 
will fall over when it hits the limit, but that's better than taking 
out the whole host.

Yes, the existing bugs should (and probably will) be addressed as
they're found, but as a belt-and-braces kinda thing, limits are also
useful.


> 
> Zope's bug collector hides security related bugs until they are deemed
> worthy of display by the controllers.  Personally I think full
> disclosure is preferable to secrecy, but I'm willing to play by the
> rules laid down as long as I think the system is working for the
> general benefit of the community.  You may have noticed I haven't been
> terribly secretive about recent cross site scripting or cache
> poisoning issues, and that can be attributed to, in part, my growing
> dissatisfaction with the system.

That's really a separate issue that is a zope corp thing to address...

Anthony

-- 
Anthony Baxter     <anthony@interlink.com.au>   
It's never too late to have a happy childhood.
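
The per-process limits recommended in the message above, as an added example that is not part of the original e-mail: a Python launcher that applies POSIX rlimits to a child process before exec, so the child fails at its limit while the host and parent keep running. The function names, limit values and the two resource-hog snippets are constructed for illustration, and a Linux host is assumed.

```python
import resource
import subprocess
import sys

MiB = 1024 * 1024

def _cap(res, want):
    """Set soft and hard limit to `want`, never above the inherited hard limit."""
    _, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        want = min(want, hard)
    resource.setrlimit(res, (want, want))

def run_limited(argv, mem_bytes=512 * MiB, cpu_seconds=30, max_files=64):
    """Start argv with per-process limits; only the child can hit them."""
    def apply_limits():
        # Executed in the child after fork() and before exec(), so the
        # limits bind the server process and everything it spawns.
        _cap(resource.RLIMIT_AS, mem_bytes)       # address space, in bytes
        _cap(resource.RLIMIT_CPU, cpu_seconds)    # CPU time, in seconds
        _cap(resource.RLIMIT_NOFILE, max_files)   # open file descriptors
    return subprocess.run(argv, preexec_fn=apply_limits,
                          capture_output=True, text=True, timeout=60)

# Constructed stand-ins for a request that exhausts a resource.
HOG_MEMORY = "data = bytearray(1024 * 1024 * 1024)"
HOG_FILES = (
    "held = []\n"
    "try:\n"
    "    while True:\n"
    "        held.append(open('/dev/null'))\n"
    "except OSError:\n"
    "    print(len(held))\n"
)

def demo(snippet):
    """Run a snippet in a limited child interpreter and report how it ended."""
    proc = run_limited([sys.executable, "-c", snippet])
    return proc.returncode, proc.stdout.strip(), proc.stderr

if __name__ == "__main__":
    code, _, err = demo(HOG_MEMORY)
    print("memory hog exit code:", code, "|", err.strip().splitlines()[-1:])
    code, out, _ = demo(HOG_FILES)
    print("file hog exit code:", code, "| descriptors opened:", out)
```

The same limits can be set from the service manager or shell that starts the server; the point is that they are applied to the server process rather than relied on inside it.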