[Zope] - A little problem...
Anthony Baxter
Anthony Baxter <anthony@interlink.com.au>
Wed, 20 Jan 1999 11:04:53 +1100
Jeff Bauer wrote:
>
> [ Discussion about using suid to allow Zope to run on port 80 ]
> > But I don't know how I can hand over a socket like
> > that... Especially not how Zope would handle it... Any ideas?
>
> My first response: Does Zope need to run on port 80 at
> your site? If you can run it on a port >1024, you will
> have a much smaller security hole.
Or better yet, if the operating system allows you to adjust the
port range that needs root, adjust that down to zero. If the machine
is a single purpose webserver with no users, there's almost no value
to the <1024 privileged port rubbish.
(all of the free unixen and Solaris 2.x^H^H^H7 can do this - probably
other modern unixen can do it too.)
Anthony
--
Anthony Baxter, NextTelecom.
email:anthony@interlink.com.au, voice: +61 416 271 170