[Zope] security issues
Anthony Baxter
Anthony Baxter <anthony@interlink.com.au>
Thu, 01 Jun 2000 18:43:33 +1000
>>> Ragnar Beer wrote
> Howdy everyone!
>
> I will soon have a Zope-site ready to go online. How can I make shure
> that I did everything (concerning Zope) to stop intruders? Where can
> I find information about protecting a Zope-site? Has anyone had
> security problems so far?
Easiest (most brutal?) fix I've found - hide Zope behind an Apache,
and prohibit access to any URLs of the form .*/manage.*
If you don't need to use basic auth to the Zope, then use a rewrite
rule to strip out any Authentication headers in the requests.
Anthony