[Zope-dev] Re: [Zope3-dev] How (in)secure is Zope?
Christian Tismer
tismer@tismer.com
Thu, 13 Mar 2003 19:59:09 +0100
Tim Peters wrote:
> [Christian Tismer]
>
>>...
>>I don't mean to offend anybody by this, it is just
>>a very simple question which I cannot answer alone.
>
>
> There may be a simple question hiding in this, but it's hard to find <wink>.
>
> You try: how secure is sendmail? how secure is ssh? how secure is Python?
> Answer those simple(?!) questions in the way you're looking for, and maybe
> someone can do the same wrt Zope. As is, you *appear* to be asking for a
> one-word summary of an encyclopedia. "Big" <wink>.

Hey, you're right.
Maybe, by "simple question" I meant "short question",
not necessarily easy to answer at all. :-)

For the sysadmin's POV, I think it should be formulated
like:

  If I install Zope, and I don't have the time to become
  a Zope guru, what are the newly accumulated risks
  for my system, if I use the default installation?

The biggest fear would probably be a number of known
exploits, and Joe Hacker just has to download some
of "those tools", and the system is open.

It appears that at least *that* is not the case.
I think the answers given on the list were quite
useful, thanks to you all!

cheers - chris

p.s.: sendmail? ssh? Python?
Security exploits are discussed in the bugtraq list.
I can find them all in the list archive.
What about Zope? It is not in bugtraq.

--
Christian Tismer :^) <mailto:tismer@tismer.com>
Mission Impossible 5oftware : Have a break! Take a ride on Python's
Johannes-Niemeyer-Weg 9a : *Starship* http://starship.python.net/
14109 Berlin : PGP key -> http://wwwkeys.pgp.net/
work +49 30 89 09 53 34 home +49 30 802 86 56 pager +49 173 24 18 776
PGP 0x57F3BF04 9064 F4E1 D754 C2FF 1619 305B C09C 5A3B 57F3 BF04
whom do you want to sponsor today? http://www.stackless.com/