[Zope-dev] application server standards

Dieter Maurer dieter at handshake.de
Thu Jun 2 15:18:38 EDT 2005 

John Doe wrote at 2005-6-2 13:37 +0200:
> ...
>1> How scalable is Zope (& how)?

Quite good.

We handle in the order of a million (fat) requests per day per Zope instance.
We currently have 5 Zope instances all interfacing via ZEO to the
same ZODB (thus, we handle in the order of 5 million (fat) requests per day)

Static objects are served by an external cache such that Zope
is usually only contacted for non-static objects (that's why I spoke
about "fat" requests above).

>2> With regard to "web application standards" how does it
>comply:
>     - HTTP protocol support

It support HTTP 1.0 and a bit of HTTP 1.1 (e.g. If-Modified-Since
and byte range requests for some appropriate object types).

But usually, you put an HTTP 1.1 compatible Web server before Zope
(e.g. Apache or Squid).

>     - server-side code execution

What standards are you interested in?

>     - client-side code execution

Its a web application *server*!

It does not help you with the client side
neither does it prevent you to use any client side technique you like...

>     - easy integration of javascript for client side
>checking

See above.

Use as much JavaScript as you like...

>     - any database adapters provided by the framework

Usually separate products (sometimes third party and commercial).
But for most well known databases...

>     - communication standards integration

HTTP, FTP, WebDAV and XML-RPC by default.

I read about people that used CORBA or SOAP to call
out of Zope or made Zope an SOAP server.
I do not know about published solutions, however.

>     - management tools and remote controls

You mean what by this?

The complete Zope management is via HTTP (and is easily extensible).
Therefore, it can be completely automated...

>3> How well does Zope rate in the security department?

I never heard that someone got operating system or even root access via Zope...

In the last few years there have been a few hotfixes -- usually
to fix problems in case you allow your visitors to create
executable content in your site. Security problems were
usually fixed very quick by a hotfix.

-- 
Dieter

More information about the Zope-Dev mailing list