[Zope] Zope and security.
Stuart 'Zen' Bishop
zen@cs.rmit.edu.au
Wed, 10 Nov 1999 18:21:46 +1100 (EST)

On Wed, 10 Nov 1999, Otto Hammersmith wrote:
> So, my question is, does there exist a laundry list of common Zope
> misconfigurations? Does there need to be one (Zope.org tips)? The
> solution is rather obvious (settings on the security tab for the folder)
> but how do new users know to catch that kind of thing?

Sounds like a perfect fit for a tip to me.

I was considering documenting a 'secure' Zope site how-to when I get to that
stage of my development (which involves me learning more) - at the moment
I'm the only user on my server, but security is always in my design criteria
as I'm solely concerned with developing a secured Intranet (eek!
I used a marketing term!). If someone has already created such a checklist
and is allowed to share it, I would be interested in seeing it and it will
probably end up in a how-to.

Hmm.... I see the need for a 'SecurityReport' Product - a document that
scans the permissions on the current folder down and displays a tree
detailing who has what rights.

___
// Zen (alias Stuart Bishop) Work: zen@cs.rmit.edu.au
// E N Senior Systems Alchemist Play: zen@shangri-la.dropbear.id.au
//__ Computer Science, RMIT WWW: http://www.cs.rmit.edu.au/~zen
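
An added sketch of the kind of report proposed in the message above; it is not part of the original post and is not Zope code. It models each folder's security-tab settings as a plain Python structure (an "acquire" flag plus the roles ticked locally for each permission) and walks the tree to list who ends up with which right. The folder names, the "Staff" role and the sample settings are constructed for illustration.

```python
# Added illustration: a plain-Python model of per-folder permission settings,
# not Zope's API. Folder names, roles and settings below are constructed.
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    # permission -> (acquire_from_parent, roles granted on this object)
    settings: dict = field(default_factory=dict)
    children: list = field(default_factory=list)

def effective_roles(node, inherited):
    """Combine local settings with what the parent passes down."""
    result = {}
    for perm in set(inherited) | set(node.settings):
        # A permission with no local entry simply acquires from the parent.
        acquire, local = node.settings.get(perm, (True, set()))
        result[perm] = set(local) | (inherited.get(perm, set()) if acquire else set())
    return result

def security_report(node, inherited=None, path=""):
    """Return (path, permission, sorted roles) rows for the subtree, top down."""
    here = f"{path}/{node.name}" if node.name else ""   # root has an empty name
    roles = effective_roles(node, inherited or {})
    rows = [(here or "/", perm, sorted(r)) for perm, r in sorted(roles.items())]
    for child in node.children:
        rows += security_report(child, roles, here)
    return rows

def anonymous_exposure(rows):
    """Rows where the unauthenticated role ends up holding a permission."""
    return [(p, perm) for p, perm, roles in rows if "Anonymous" in roles]

# Constructed sample tree: /uploads ticks Anonymous for a change permission.
ROOT = Node("", {"View": (False, {"Anonymous", "Manager"}),
                 "Change DTML Documents": (False, {"Manager"})},
            [Node("intranet", {"View": (False, {"Staff", "Manager"})},
                  [Node("reports")]),
             Node("uploads", {"Change DTML Documents": (True, {"Anonymous"})})])

if __name__ == "__main__":
    for path, perm, roles in security_report(ROOT):
        print(f"{path:20} {perm:24} {', '.join(roles)}")
    print("Anonymous can:", anonymous_exposure(security_report(ROOT)))
```
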