[Zope] - ANN: CodeIt does Zope hosting
Bruce Perens <bruce@pixar.com>
Fri, 22 Jan 99 23:13 PST
You forgot "Zope doesn't run under a privileged user ID".
It sounds to me as if it would be simple enough, given the way PCGI-wrapper
works, to run Zope in a chroot jail. Apache belongs in there, too. This does
not close _all_ holes, though.
Thanks
Bruce
From: Paul Everitt <Paul@digicool.com>
> In general, when talking about the through-the-web part of Zope:
>
> o The access control machinery tries to cover nearly everything
>
> o Jim Fulton went to great lengths to make DTML and expr's "safe",
> though more work can be done.
>
> o Hallelujah, you _don't_ deal with files on the filesystem! :^)
>
> o All user information and security information is internal to Zope and
> not mixed in with /etc/passwd or group, file system permissions, etc.
>
> o Users only exist in their part of the Folder system, thus can't take
> control of someone else's area
>
> ..plus more I probably haven't thought of.
--
The $70 Billion US "budget surplus" hardly offsets our $5 Trillion national
debt. The debt increased by $133 Billion in the same year we found a
"surplus". More debt is predicted for 1999. See www.concordcoalition.org .
Bruce Perens K6BP bruce@pixar.com 510-620-3502 NCI-1001