[Zope] security issues

Anthony Baxter <anthony@interlink.com.au>
Thu, 01 Jun 2000 18:43:33 +1000


>>> Ragnar Beer wrote
> Howdy everyone!
> 
> I will soon have a Zope-site ready to go online. How can I make sure 
> that I did everything (concerning Zope) to stop intruders? Where can 
> I find information about protecting a Zope-site? Has anyone had 
> security problems so far?

Easiest (most brutal?) fix I've found - hide Zope behind an Apache,
and prohibit access to any URLs of the form .*/manage.*

If you don't need to use basic auth to the Zope, then use a rewrite
rule to strip out any Authentication headers in the requests.

Anthony
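
One way to express the setup from the reply above in Apache httpd 2.4 configuration, added here as an example and not part of the original post. It uses mod_headers' `RequestHeader unset` in place of the rewrite rule the post mentions; the hostname, the backend address 127.0.0.1:8080 and the module choice are assumptions.

```apache
# Constructed example for Apache httpd 2.4.
# Requires mod_proxy, mod_proxy_http, mod_headers and mod_authz_core.
# www.example.org and 127.0.0.1:8080 are placeholder values (assumptions).
<VirtualHost *:80>
    ServerName www.example.org

    # Deny any URL matching .*/manage.* (the pattern from the post).
    # Access control runs before the proxy handler, so these requests
    # never reach Zope.
    <LocationMatch ".*/manage.*">
        Require all denied
    </LocationMatch>

    # Only for sites that do not need basic auth against Zope:
    # drop the client's Authorization header so no credentials
    # are ever forwarded to the backend.
    RequestHeader unset Authorization

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>

# The restriction only holds if clients cannot reach Zope directly:
# bind Zope to the loopback interface or firewall its port.
```

With this in place, a request for a management URL should return 403 from Apache and should not appear in Zope's own access log.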