[Zope] scary security questions

Stuart 'Zen' Bishop zen@cs.rmit.edu.au
Fri, 12 May 2000 23:48:10 +1000 (EST)


On Thu, 11 May 2000, Paul Abrams wrote:

> 2) Is there any way to turn off the manage screens, or set
> them so that they can only be run locally?

I would run Zope behind another web server for this (eg. Apache)
and use it to stop access to */manage* from bad addresses.
Note you can't just block off */manage/*, as that will still
allow access to functions like manage_delete directly. This may
affect the usability of other products.

A better alternative is to not allow access by accounts with
management rights from external addresses.

> 5 er...3) Is there any way to run the manage screens on a
> different port than the rest of Zope? (i.e. not port 80)
> This would allow us to open/close that port in our firewall
> whenever we needed to access the manage screens remotely,
> or run it over a VPN.

Yes - you will need to run it behind another web server again.
If you want to use something like GenericUserFolder or LoginManager
to control your authentication, it will be possible to only allow
certain users to log in via certain interfaces (eg. manager level accounts
must have connected via SSL).

> What are other people doing to protect themselves?

Ensure your connection can't be sniffed (SSL or trusted network),
keep your workstations free from trojans, and don't have simple passwords
that can be cracked.

If you're more paranoid, you can look into using certificate based
or single sign on authentication schemes but you will need to invest
development time - the frameworks are there (LoginManager) but you will 
need to give them the brains.

-- 
 ___
   //     Zen (alias Stuart Bishop)     Work: zen@cs.rmit.edu.au
  // E N  Senior Systems Alchemist      Play: zen@shangri-la.dropbear.id.au
 //__     Computer Science, RMIT 	 WWW: http://www.cs.rmit.edu.au/~zen
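
The front-end filtering rule discussed in the message above, as an added example that is not part of the original post: it compares a rule that only matches a `manage` path segment with the broader `*/manage*` rule. The trusted networks, sample paths and function names are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumed trusted management networks (constructed values).
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8"),
                ipaddress.ip_network("10.1.0.0/16")]

# Narrow rule: only a path segment named exactly "manage".
NARROW = re.compile(r"(^|/)manage(/|$)")
# Broad rule (*/manage*): any path segment that starts with "manage".
BROAD = re.compile(r"(^|/)manage")


def is_management_path(url, rule=BROAD):
    """True if the percent-decoded request path matches the rule."""
    path = unquote(urlsplit(url).path)
    return bool(rule.search(path))


def allow_request(url, client_ip, rule=BROAD):
    """Front-end decision: management paths only from trusted networks."""
    if not is_management_path(url, rule):
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in TRUSTED_NETS)


# Constructed sample requests: (URL path, client address).
SAMPLES = [
    ("/site/manage", "203.0.113.9"),
    ("/site/manage/", "203.0.113.9"),
    ("/site/folder/manage_delete", "203.0.113.9"),
    ("/site/manage_main", "10.1.4.20"),
    # Unrelated name caught by the broad rule (the usability cost).
    ("/site/management_report", "203.0.113.9"),
    ("/site/index_html", "203.0.113.9"),
]


def compare_rules():
    """Return (url, ip, narrow_allows, broad_allows) for each sample."""
    return [(u, ip, allow_request(u, ip, NARROW), allow_request(u, ip, BROAD))
            for u, ip in SAMPLES]


if __name__ == "__main__":
    for url, ip, narrow, broad in compare_rules():
        print(f"{ip:>12} {url:<28} narrow={narrow} broad={broad}")
```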