[Zope] zope for webhosting
Chris McDonough
chrism@digicool.com
Thu, 17 Feb 2000 23:23:56 -0500
Errr... Zope's big but it's not magical :-) It can't subvert standard
UNIX security. You can be assured that it will run under whatever UID
you tell it to run under (except root). So I'm not sure I understand
the guy's concern. I imagine it's just too much trouble for him to dig
deeply into. In case you haven't noticed yet, most people don't like to
take the time to learn new things. :-) I would suggest finding a
Zope-friendly ISP instead of wrestling with this one.
"darcy w. christ" wrote:
>
> i'm trying to convince my webhosting service that zope is a good thing.
> The guy there has some concern. Could anyone help me to convince him,
> or are his concerns valid? Is anyone using zope in this kind of
> multiuser environment?
>
> > The main issue is security -- we have to be able to run each user-supplied
> > program with the UID of the user who owns it. If all user-supplied
> > applications run with the same UID (the UID of a server, or of some
> > pseudo-user), that would be a problem which would most probably prevent us
> > from being able to implement this safely in a multi-user environment. We
> > run all CGIs with user UIDs, but zope's architecture may circumvent that,
> > even when run as a CGI, judging from what I've read so far.
> >
> --
> ~/darcy w. christ
> 416.463.8385
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )
--
Chris McDonough
Digital Creations, Inc.
Zope - http://www.zope.org