[Zope] Important Security Concerns

[Coleman, Bryan]

I almost have my company convinced that Zope is the technology to use for
our Intranet/Extranet. However they are very concerned with security. I have
proposed two security schemes that I would like zope community feed back on
for potential holes.

Option A: Poke a hole through our firewall on the primary http port or on
port 8080 to allow Zope pages through and then require authentication on the
first page.

Option B: Set up a DMZ off the firewall to allow the same as the above.

Any feed back would be welcome.

- Bryan Patrick Coleman
  Questcon Technologies
  (336)273-2428 ext-416
  bcoleman@questcon.com