[Zope] Zope and security
Petru Paler
ppetru@bv.ro
Mon, 23 Aug 1999 14:49:28 +0300
On Mon, Aug 23, 1999 at 11:53:59AM +0200, Arnaud Lecat wrote:
> I'd like to talk about security and Zope. How secure is Zope ? If you
> have two
> interface on one server can you configure Zope to display manage screens
> and
> public Web pages on two different nic interface.
The management interface is served from the same process as the main
pages, so you can't bind it to a different interface. But you could restrict
the access of the privileged users to the subnet of the second interface.
> Any known security bugs or exploits ? My sysadmin is paranoid about
> security...
There are no exploits AFAIK. And it would be *very* hard (if not
impossible) to create one, because:
1. Zope is written in Python, so buffer overflows are impossible
2. You are running Zope as an unprivileged user, aren't you ?
> (he's the same who doesn't want to hear about Linux :) )
I'm-using-Linux-and-I'm-happy-about-that'ly yours,
-Petru