[Zope] Zope and security.
Otto Hammersmith
otto@ipass.net
Wed, 10 Nov 1999 13:40:10 -0500

Stuart 'Zen' Bishop wrote:
>
> On Wed, 10 Nov 1999, Otto Hammersmith wrote:
>
> > So, my question is, does there exist a laundry list of common Zope
> > misconfigurations? Does there need to be one (Zope.org tips)? The
> > solution is rather obvious (settings on the security tab for the
> > folder) but how do new users know to catch that kind of thing?
>
> Sounds like a perfect fit for a tip to me.

Wrote one, it's at http://www.zope.org/Members/otto/zsqlmethods.

> I was considering documenting a 'secure' Zope site how-to when I get
> to that stage of my development (which involves me learning more) -
> at the moment I'm the only user on my server, but security is always
> in my design criteria as I'm solely concerned with developing a
> secured Intranet (eek! I used a marketing term!). If someone has
> already created such a checklist and is allowed to share it, I would be
> interested in seeing it and it will probably end up in a how-to.

Under the assumption that someone hasn't, I suggest anyone with security
tips do as this tip suggests,
http://www.zope.org/Members/otto/firstsecurity. That has a query link
that should generate a list of all the security tips on Zope.org... as
soon as my first two get cataloged. :)
I also just added a News item.

> Hmm.... I see the need for a 'SecurityReport' Product - a document
> that scans the permissions on the current folder down and displays a
> tree detailing who has what rights.

Hm, Z Satan. :)
That would be neat, though...

-Otto.